@lavenetz Only one MiaB, so, Standard, I think.

@annwenn installed 23.01 version software.

@jonathanlee As of 2-24-23 this has been resolved with . . . "Empty script bytecode-334.cdiff, need to download entire database" Clamd successfully notified about the update. bytecode.cvd updated (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Database test passed. Testing database: '/var/db/clamav//tmp.a3a9145360/clamav-e149ec24c4c3dccbcffc8540df3d4b2a.tmp-bytecode.cvd' ... Empty script bytecode-334.cdiff, need to download entire database bytecode database available for update (local version: 333, remote version: 334) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) daily.cld database is up-to-date (version: 26821, sigs: 2021707, f-level: 90, builder: raynman) ClamAV update process started at Thu Feb 23 16:57:00 2023 [image: 1677260283657-screenshot-2023-02-24-at-5.54.34-am-resized.png]

@dochy Nice Config, [image: 1677132868828-screenshot-2023-02-22-at-10.13.55-pm-resized.png] This is mine, I set specific devices to splice as source, I have a regex list saved in /usr/local/pkg/url.nobump after I peak at step1 splice the source addresses like the game system and tablets after I splice the URLs I have marked as trusted like banks, and I bump everything else. [image: 1677133017199-screenshot-2023-02-22-at-10.16.42-pm-resized.png] This is my custom file I have items that won't work correctly with bump like antivirus, some updates, itunes etc. The main sites I want bumped are sites I do not normally go to, random sites this way it still stops viruses with HTTPS being checked. [image: 1677133112868-screenshot-2023-02-22-at-10.18.19-pm-resized.png] I hope that helps as it seems like you have some 409 errors look up the server errors "The HTTP 409 status code (Conflict) indicates that the request could not be processed because of conflict in the request" These sites I would look into splicing if you need them, teams is one I splice its so slow without it.

@bluegrass-168 use https://github.com/mmd123/squid-cache-dynamic_refresh-list for refresh_pattern (note you can always submit pull requests to improve the list). "Actually, I want to cache every thing as I can." In order to cache https you need to use SSL Man In the Middle Filtering However you do not want to mitm everything as it breaks way too many things. So use Custom Options (SSL/MITM) than add something like this acl step1 at_step SslBump1 acl monitoredSites ssl::server_name "/home/bumpsites.txt" ssl_bump bump monitoredSites ssl_bump peek step1 ssl_bump splice all and at the file location /home/bumpsites.tx add your list of sites you want to decrypt to cache. Here is a list that i made (NOTE: i have not tested all domains, so if some have issues remove them, eg things like ubisoft.com) bumpsites.txt What i did was i went to winget https://github.com/microsoft/winget-pkgs and got a list of the download domains. This should also cache steam and epic games. Good luck

Awesome! Thank you!

@jlee_eye [image: 1676521116451-d05bcb5c-2383-47af-a0b5-534b06632500-image.png] Have you tried to play around with the custom options and get one that works well yet? This was the one that consumes less memory and works better for me.

@kenj05 What browser are you using? I follow this Video for my 2.6.0 pfsense and it works. https://www.youtube.com/watch?v=DTD5lYPjLns&list=LL&index=1 So is the SSL inspection function.

@boatsman No idea. But why don't you simply restore a config backup? It's 15 in the console menu.

@michmoor said in Transparent Squid via Splice = Intermittent SSL Connectivity Failures: @the_boss you will need to whitelist the domain. It’s possible there is certificate pinning going on. I see, thanks. It is my understanding that Peek/Splice has no issue with pinning, and only Bump does, no? The quantity of things getting blocked randomly would make any whitelisting insurmountable. Others seem to report no challenges with Splice.

@s3v3nd34dly51ns When you forward the traffic, it cannot reach HAproxy anymore, no matter if it is installed and running or not. Port forwarding happens at the first level on the incoming packets. So HAproxy or even its settings might not be responsible for your issue at all. If you're in doubt, you can sniff the traffic on the inside interface. So there will be another reason for that. Best to investigate with packet capture to see, what's going on.

@myster_fr thank you, just ran into this issue and i confirm, it works.

@jonathanlee [image: 1676082797244-screenshot-2023-02-10-at-6.32.55-pm-resized.png] I adapted this for testing and set it to stare all because of this statement on their website, "The following configuration obtains SNI by parsing TLS Client Hello (due to a matching peek rule at step1) and then either splices bank connections OR stares at the TLS Server Hello (due to a matching stare rule) and bumps non-bank connections (due to the default bump-after-stare rule)." It has a default bump after stare rule, so bump step 3 is not needed I am thinking. This also seemed to speed up everything. Ref: https://wiki.squid-cache.org/Features/SslPeekAndSplice

@viragomann I tried looking into absolute path but then why did it work when it was published with TMG? Nothing changed in the backeend.

@cyrus104 I was able to make this work by adding following custom ACL: [image: 1675623608382-2m3tjblqot.png]

@michmoor Thank you for your reply The Squid logs doesn't show any activity concerning the Outlook application only web traffic through the browser. when i try to reach our webmail it fails with tcp:denied. i added 993 465 and 2096 (webmail port) to the list of safe ports. Now the webmail works but not Outlook. As i have stated the end users needs to be routed through the 172.26.2.1 router because of our provider but the network doesn't have internet connection. The sole purpose of installing pfSense was to implement the proxy so the end users can use the internet(with exceptions added to the proxy), it's not really acting as a router.

@dbmandrake [image: 1675445648251-799ecc95-da12-4329-8986-86e3b8bbb51d-image.png] [image: 1675445525877-61216ded-5a50-4492-b951-3825dfab0c9d-image.png] Thanks for the info, it's working great. 9:29 AM test ran automatically.