My problem with this is the need of a whitelist. I curruntly don't know how to have something like "whitelist all except blacklist and pages scaned with a virus" I don't use squidguard but PFBLockerng-devel witch is in my opinion better. It should be a regex like ^.* minus blacklist but I don't see anything on how to do this properly. I have a thread about this: https://forum.netgate.com/topic/175557/squid-clamav-mitm-custom-setting?_=1667128733894

I think you may need to use the development version. MQTT support appears to have been added in HAProxy 2.4. Steve

@creationguy said in HAProxy & ACME - Site not loading: HAProxy / Frontend [image: 1666844101428-screenshot-2022-10-27-at-00-14-45-thewall.jrfam.lan-services-haproxy-frontend-edit.png] I selected Proxmox address as the site is on a VM in Proxmox server (10.20.20.3) on the VLAN, that server (10.20.20.4) is Ubuntu Server with Portainer running a docker for an intranet dashboard. 9455 is the port that the docker container uses for the intranet. This particular docker container does not ship with HTTPS. An Update: The front end configuration was the problem, the port needs to be 443. Also, just to note, on the backend, if the site does NOT have SSL, then you need to uncheck Encrypt(SSL) on the BACKEND. HAProxy / Backend intranet.mydomain.com [image: 1666844031139-screenshot-2022-10-27-at-00-13-35-thewall.jrfam.lan-services-haproxy-backend-edit.png] Everything is now working. Unfortunately, if I go to https://crt.sh/ and check my domain, I have a BUNCH of SSL certs. Oh well. Question: How does this tool auto-update my public IP with Cloudflare so that my @ record is always up to date?

Dear Periko Yes I enabled DNS Resolver option as Services tab - DNS-resolver-General options. In Network interfaces - LAN Selected while in outgoing Network Interfaces, I selected WAN interface. version of pfsense is 2.6.0-release (amd64).

No ideas or suggestions?

@sensewolf anybody got this working?

@gertjan thanks i will do that

@mrit Okay, figured it out myself (and with the help of the WayBackMachine). Turns out, subdomains are only included for a domain if the domain is the only entry in the domain list. So makes it very hard for me, to also add subdomains (as wildcard) to my allowlist. Maybe it works using regular expressions... Source: https://web.archive.org/web/20210727190453/http://www.squidguard.org/Doc/aboutblocking.html

@periko Good morning, My whitelist I put https://secweb.procergs.com.br https://assinador.ac.rs.gov.br https://www.ac.rs.gov.br http://crl.globalsign.net https://www.alphassl.com http://ocsp.globalsign.com These were the addresses I put.

@jonathanlee not sure

@swinster there is a bug which is already reported, we are still waiting the fix.

@kom My use case was to restrict internet access to internal servers, allowing only permitted URL/IP combos, distro repos, etc. So no need for WPAD (+ I have no idea how it works) And yes good of you to mention it because I forgot, also blocked all internet access in pfsense rules.

@jycai with free cf choose flexible mode. Check your pfsense firewall. Sometimes problem at frontend and backend. I remove and recreate. It’s work

how to bypasss pfBlockerNG from squid.