• Squid Log Clam AV Files Stopped Working and Redirect now blank

    11
    0 Votes
    11 Posts
    1k Views
    JonathanLeeJ
    @gertjan Error squidclamav_check_preview_handler: Wed Nov 30 15:56:36 2022, 92197/1098002432, ERROR clientip is null, you must set 'icap_send_client_ip on' into squid.conf [image: 1669852992693-screenshot-2022-11-30-at-4.02.08-pm.png] It goes on and on... I have also just added adaptation_send_client_ip {$icap_send_client_ip} to line 234 of [image: 1669853016667-screenshot-2022-11-30-at-3.32.23-pm-resized.png] ref https://forum.netgate.com/topic/129331/adaptation_send_client_ip-vs-icap_send_client_ip?_=1669853066007 It seems to already be enabled also, any ideas? [image: 1669853231717-screenshot-2022-11-30-at-4.06.21-pm.png] Keep in mind it all worked until a week or so ago, not it will not even see the test virus anymore
  • Adaptation_send_client_ip vs icap_send_client_ip

    2
    1 Votes
    2 Posts
    921 Views
    JonathanLeeJ
    @tyoungls adaptation_send_client_ip {$icap_send_client_ip} are you sure it is not line 234? [image: 1669851180192-screenshot-2022-11-30-at-3.32.23-pm-resized.png]
  • Squid Clamd and ICAP port questions

    1
    0 Votes
    1 Posts
    371 Views
    No one has replied
  • Suricata and Squid Proxy

    4
    0 Votes
    4 Posts
    2k Views
    J
    @bmeeks Thanks for the reply! Understood!
  • HAProxy - how to delay "coming up" by 30seconds

    1
    0 Votes
    1 Posts
    313 Views
    No one has replied
  • 0 Votes
    1 Posts
    274 Views
    No one has replied
  • how configure shared frontend with two backends

    2
    0 Votes
    2 Posts
    444 Views
    T
    @cesd I answer because noone did till now. To create shared frontend, just create your 1st, then on 2nd, it will show you the warning msg and the second website will not work error 50x. a tthis point go to the first frontend, edit it and select, shared frontend, on dropdown menĂ¹, choose the 2nd frontend. thats'it
  • PFSense Squid Guard proxy filter locking domain user accounts constantly

    Moved
    1
    0 Votes
    1 Posts
    362 Views
    No one has replied
  • Questions about HAProxy

    1
    0 Votes
    1 Posts
    330 Views
    No one has replied
  • HAProxy - Dynamic selection of backend based on subdomain

    1
    0 Votes
    1 Posts
    297 Views
    No one has replied
  • CA not appearing under Squid's SSL filtering dropdown

    1
    0 Votes
    1 Posts
    315 Views
    No one has replied
  • Error installing Squid on pfSense 23.01-DEVELOPMENT

    1
    0 Votes
    1 Posts
    309 Views
    No one has replied
  • Allow telegram on squid pfsense

    1
    0 Votes
    1 Posts
    303 Views
    No one has replied
  • Redirect HTTPS trafic from Internal LAN

    Moved
    16
    0 Votes
    16 Posts
    1k Views
    johnpozJ
    @llinty If your forwarding on your hypervisor - that is where you would have to put in the nat reflection its that simple.. Not sure how you expect the haproxy to proxy traffic it is never seeing.. Put in a host override in pfsense so you client resolves the fqdn to whatever pfsense actual wan IP is where the haproxy is listening.
  • 0 Votes
    3 Posts
    656 Views
    M
    @jimp Perfect, thanks for the explaination :)
  • [SOLVED] HaProxy forward client IP

    Moved
    11
    0 Votes
    11 Posts
    17k Views
    B
    @braunerroei Then your frontend config looks like this? [image: 1667605762622-196c1e01-1e74-49f5-87c8-4d22eb7bf590-image.png] That's the SSL Offloading I was talking about. If you don't check that box, then pfSense won't negotiate SSL. I was worried that you might be processing unencrypted. In any event, I resolved my 503 problems. I'm not using the default port 443 for this new connection. Therefore, the value of the "Host Matches" ACL entry needed to be my.host.com:6407. I had used my.host.com with no port. I had assumed that HAProxy would tack the port number on to the value because the port number is specified in the external address table. I see now it can't do that. The External Address table may contain multiple entries. It follows that the ACL match routine has no way to know your intentions unless you specify the port number in the ACL. Thanks for the help. Your answers got me questioning my own configuration which turned out to be in error.
  • Enabling CORS in HAProxy

    7
    0 Votes
    7 Posts
    6k Views
    CreationGuyC
    Here's what worked for me. I did have to add the lua script to files, however, see my screen shot for the CORS settings. Once I read the lua documentation I was able to add what I needed to get my CORS data to work properly. [image: 1667359059584-screenshot-2022-11-01-at-23-13-27-thewall.jrfam.net-services-haproxy-frontend-edit.png] Not that I did remove my domain for privacy. It's .mydomain.com. I used the . to include all subdomains.
  • Direct access to pfsense ip address and haproxy

    1
    0 Votes
    1 Posts
    380 Views
    No one has replied
  • HAProxy - Slow "Establishing Secure Connection" ??

    4
    0 Votes
    4 Posts
    642 Views
    CreationGuyC
    @creationguy Any further ideas?
  • Cannot change squidguard blacklist URL

    2
    0 Votes
    2 Posts
    540 Views
    D
    Answering my own question... I had forgotten that the URL was originally configured in Squid Guard -> General Settings -> Blacklist options at the bottom of the page. Saving the new value here makes it permanent. I'm not really sure why there is the option to enter a different URL in the Blacklist update page - that seems like a confusing UI design decision.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.