I added just that one line into the “Global Advanced pass thru” field in the HAproxy Settings tab…applied the configuration changes and it worked immediately. Thanks. How did you do? Many thanks. How can I mark your reply as “solved the problem”!

Ok, I figure it out. someone can please, close this topic?

Hola andres,

Tengo configurado pfsense 2.6 con squid y squidguard. presento el mismo problema para acceder a la pagina web del cne: http://www.cne.gob.ve/web/index.php

Aplique varias configuraciones en el squid :
X-Forwarded Header Mode : probe la opcion de truncate, borrar.

Deshabliite este parametro: Disable VIA Header
If not set, Squid will include a Via header in requests and replies as required by RFC2616.

Verifique la resolución de los dns

Agregue la url completa en el squidguard,
Agregue la url dentro del whitelist del squid

y aun persiste la falla.

Queria saber si habias encontrado una solución.

Gracias

@karimhaydar31 You can't access TLS resources by IP address if the IP address is not in the certificate they present. This is TLS doing what TLS is supposed to do. Not sure what you are trying to accomplish and why.

@ageekhere Thanks for the reply, I wanted to also show that if really needed you could access and load shalla's old blacklist in an emergency if you needed one.

@gtrovato I just noticed the correct location to adjust them is different. If you are using squidguard is Package/Proxy filter SquidGuard: General settings/General settings under service options.
Screenshot 2023-01-11 at 9.58.52 PM.png
(Image: Rewrite Process Children)

If you try to set this with just Squid advanced options it gets rewritten each time Squidguard is reconfigured or with every reboot. Just configure this advanced setting inside of squidguard and the advanced settings in Squid Proxy will reflect the change better this way.

After the new configurations holds
Screenshot 2023-01-11 at 10.04.49 PM.png

Resolved, there was an issue in connection limit

@viragomann I must have not made what I wrote Crystal clear.
Pfsense + haproxy is working, haproxy has my true wan ip but when it tries to send it to CF it gets the proxied ip back.

Or the error is Connection time out, 522. When trying to reach a service.

Have I found a bug in the Web GUI maybe?
I have 6 certificate's only 5 appear under Frontend SSL Offloading, Additional certificates.

@maverick_slo that’s a good sign !

@viragomann Thats correct.

@periko
Hi Periko,
the pfsense version is 2.6.0.

In addition to the internal DNS (to resolve internal sites) located in System->General Setup I also use alternative DNS for the Proxy Server in Proxy Server->General Settings

To solve the problem in Proxy Server->General Settings I use the pair of public dns 8.8.8.8;8.8.4.4 and in case of error I use 1.1.1.1;1.0.0.1

After making this change, the clients using the proxy start working smoothly and the problem is solved.

Greetings

Michele

@jonathanlee dns_v4_first the maintainer has to update the GUI and remove that option, nothing to worry.
The 2nd line is telling u that squid is already running.
If u don't handle the console, reboot pfsense, if yes, them kill all the squid process and restart the services.
Regards!!!