@doktornotor mesmo instalando o repositório não oficial, e buscando o pacote, ele gera essa recomendações de conf mesmo:

Após instalar o pacote temos a seguinte recomendação. Você consegue executar?

Modify your httpd.conf to allow access to HTML output like follow:
Alias /squidreport /usr/local/www/squidreport

Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1

If necessary, give additional host access to SquidAnalyzer in httpd.conf.
Restart and ensure that httpd is running. Browse to http://my.host.dom/squidreport/ to ensure that things are working
properly. Setup a cronjob to run squid-analyzer daily: SquidAnalyzer log reporting daily

0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

or run it manually.
For more information, see /usr/local/share/doc/squidanalyzer/README file.

Cleaning up cache… done.

@fireix estou com o mesmo erro. Porém nem tenho cach ativo no squid.
Já reiniciei o pfesene e continua.

@gertjan

Thank you, I had seen this thread and followed the OP's advice prior to the expiry of the LE certificate. So I thought I was prepared.

But reading again and on, there was a problem reported, not exactly mine but similar enough.

(Apparently, my problem was not the certificate itself (as expected by you) but the root or the intermediate certificate (the browser on my phone did not go into those details)).

I followed the advice, deleted the CAs and renewed the certificate again. This recreated the CAs and solved my problem.

Still strange that I encountered the problems only on my mobile but not on my PC...

6 year old post about 2.1.5??

Solved!

Found the issue, apparently the health check settings in the backend configuration was the "culprit".
The default setting is HTTPS check and changed it to a basic (socket) check.

So it had nothing to do with my cert or HAProxy configuration itself (beside the health check setting).

@ageekhere
Yeap, of course !

OK Quick update, this is done using "Remote cache" in the config (the entire tab is done with this).

I now have a working proxy for http requests, and I'm not sure on how to apply the same thing (forward every request to upstream proxy) for https without having to setup a CA.

Any ideas?

@nfld_republic haproxy-package uses version 1.8 and is not affected. Only version 2.0 and above.
haproxy-devel-package is using 2.2.14 and thus affected. Fixed version is 2.2.17.

@alexander90 no

EDIT:
This part "(./..(rar|mp3|exe|vpu))" doesn't work, rest of settings, i.e. radio|teamviewer works fine, sites are blocked.

we decided to go with:

xyz-web -- for all internal web interfaces

e outra coisa eu tenho duas interface lan 192.168.1.1 e wifi 172.168.0.1 na lá esta ok mais como devo fazer pra usar na wifi tbem pq são faixas de ip diferente

hello
today I ran into this problem, and in the last version available today (I think it was 1.16.18_20)
when checking the system log I could see that the error is due to the file being treated as a ".tar" file without compression.
When I downloaded the file on another host, unzipped it, and used the url with the .tar file, it managed to extract and process the list of categories correctly.

Here is the log that showed what the package was trying to do:

Sep 10 14:01:33 firewall php[10138]: squidGuard_blacklist_update.sh: The command '/usr/bin/tar zxvf /tmp/squidguard_blacklist.tar -C /tmp/squidGuard/unpack' returned exit code '1', the output was 'tar: Failed to set default locale tar: Error opening archive: Unrecognized archive format'

Sep 10 14:01:43 firewall php[10138]: squidGuard_blacklist_update.sh: The command '/bin/cp -f -p /tmp/squidGuard/arcdb/blacklist.files /usr/local/etc/squidGuard' returned exit code '1', the output was 'cp: /tmp/squidGuard/arcdb/blacklist.files: No such file or directory'

greetings