Thank you for this! Got my application to work. Much appreciated.

I added just that one line into the “Global Advanced pass thru” field in the HAproxy Settings tab…applied the configuration changes and it worked immediately. Thanks. How did you do? Many thanks. How can I mark your reply as “solved the problem”!

Ok, I figure it out. someone can please, close this topic?

Hola andres,

Tengo configurado pfsense 2.6 con squid y squidguard. presento el mismo problema para acceder a la pagina web del cne: http://www.cne.gob.ve/web/index.php

Aplique varias configuraciones en el squid :
X-Forwarded Header Mode : probe la opcion de truncate, borrar.

Deshabliite este parametro: Disable VIA Header
If not set, Squid will include a Via header in requests and replies as required by RFC2616.

Verifique la resolución de los dns

Agregue la url completa en el squidguard,
Agregue la url dentro del whitelist del squid

y aun persiste la falla.

Queria saber si habias encontrado una solución.

Gracias

@karimhaydar31 You can't access TLS resources by IP address if the IP address is not in the certificate they present. This is TLS doing what TLS is supposed to do. Not sure what you are trying to accomplish and why.

@ageekhere Thanks for the reply, I wanted to also show that if really needed you could access and load shalla's old blacklist in an emergency if you needed one.

@gtrovato I just noticed the correct location to adjust them is different. If you are using squidguard is Package/Proxy filter SquidGuard: General settings/General settings under service options.
Screenshot 2023-01-11 at 9.58.52 PM.png
(Image: Rewrite Process Children)

If you try to set this with just Squid advanced options it gets rewritten each time Squidguard is reconfigured or with every reboot. Just configure this advanced setting inside of squidguard and the advanced settings in Squid Proxy will reflect the change better this way.

After the new configurations holds
Screenshot 2023-01-11 at 10.04.49 PM.png

Resolved, there was an issue in connection limit

@viragomann I must have not made what I wrote Crystal clear.
Pfsense + haproxy is working, haproxy has my true wan ip but when it tries to send it to CF it gets the proxied ip back.

Or the error is Connection time out, 522. When trying to reach a service.

Have I found a bug in the Web GUI maybe?
I have 6 certificate's only 5 appear under Frontend SSL Offloading, Additional certificates.