@swinster there is a bug which is already reported, we are still waiting the fix.

@kom My use case was to restrict internet access to internal servers, allowing only permitted URL/IP combos, distro repos, etc. So no need for WPAD (+ I have no idea how it works)
And yes good of you to mention it because I forgot, also blocked all internet access in pfsense rules.

@jycai with free cf choose flexible mode.
Check your pfsense firewall.
Sometimes problem at frontend and backend. I remove and recreate. It’s work

how to bypasss pfBlockerNG from squid.

@dmalick Hit means its already stored, miss means its stored as of now because it was never stored yet, refresh means dynamic based refresh that is out of date or expired timer. Do a quick search on the specifics, you will never have 100 percent hits.

@mit the path is /usr/local/pkg/squid_antivirus.inc not squid.inc for latest pfsense 2.6 squid 0.4.45_9

@breezytm Thank for the reply. I finally was able to get it working after I found one site that provided some reference configurations. Here is my post on the netgate forum if you are still looking for a solution.

https://forum.netgate.com/topic/174705/haproxy-ssl-offloading-openvpn-ssh

@dmalick

This seems to fix a lot of the issues for me. Stop using squid with the loopback of the firewall only the LAN side.

I feel it speeds up the firewall traffic also. The loopback must access the squid cache for example, or the dns must access the loopback.

Again I feel it is a bit less safe to do this.

headers.PNG

@gertjan cheers mate thanks for the the clarification. I will try to get in deep on this will share here if get any outcome. Thanks again.

@kevin-ruffus
hello @kevin-ruffus
i have same problem (https://forum.netgate.com/topic/174699/not-update-new-config-port-in-server-list-backend-haproxy-pfsense?_=1663094167349)