@daddygo
We use a starface phone-system and every soft-client uses 5060.
And also starface itself uses 5060 to connect to our sip-providers through the internet.
I finally cracked it. In order for the settings for the frontend to work, a matching SNI filter was needed so that the crt-list would kick in. Settings for the sub-frontend for client side certs were ignored without the SNI match.
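What the post above describes, written out as a plain HAProxy configuration rather than the pfSense package GUI (this is an added illustration, not the poster's configuration or the package's generated file; the hostnames, file paths and backend names are made up). The crt-list line for the client-certificate host carries its SNI filter explicitly, which is what makes the per-certificate `verify required` options take effect for that hostname:

```haproxy
# /etc/haproxy/certs.crt-list (assumed path), one line per certificate.
# Square-bracket options apply only when that certificate is selected,
# and the trailing SNI filter is what selects it:
#   /etc/haproxy/certs/public.pem                                                           www.example.com
#   /etc/haproxy/certs/secure.pem [verify required ca-file /etc/haproxy/certs/clientca.pem] secure.example.com

frontend shared_https
    bind 0.0.0.0:443 ssl crt-list /etc/haproxy/certs.crt-list

    # Route on the SNI the client sent (hypothetical hostnames).
    acl host_public ssl_fc_sni -i www.example.com
    acl host_mtls   ssl_fc_sni -i secure.example.com

    # Defence in depth: even if a request reaches the mTLS hostname,
    # refuse it unless a client certificate was actually presented.
    http-request deny if host_mtls !{ ssl_c_used }

    use_backend be_mtls   if host_mtls
    use_backend be_public if host_public
    default_backend be_public
```

The reason the SNI filter matters: HAProxy picks the certificate (and therefore its bracketed options) by matching the client's SNI against the filters on each crt-list line, and the first line is the fallback when nothing matches. A line with no filter only matches on the names inside the certificate itself, so a client that sends a different SNI, or none at all, is served the default certificate with the default (non-verifying) settings. The `ssl_c_used` check catches that case instead of silently letting an unauthenticated client through.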
Regular expressions in squidGuard are also not working. I tried to make several blocks, including using \.facebook.com, and even then it does not block. It only works when I put it in the domains box.
I guess I forgot to mention the fact that I have HAProxy up and running, but it's currently only working for HTTP and HTTPS on ports 80 and 443, respectively. I'm also already running Snort with the paid rule set. I understand Suricata is somewhat better with Layer 7 app detection. Specifically, it can identify HTTP and SSH traffic on non-standard ports, which would likely be more beneficial in this use case now that you mention it.
Trust me, I'm the same way! I'm learning as I go here! :-)
@mcury
Thanks for the reply. So I got it working; I used the pf2ad script.
But on LDAP for squidGuard, how do I add a group with a space in its name? The group is called "domain users".
I am using the non-devel haproxy 0.61_1, so that is probably the difference. I'd imagine these changes in devel will eventually make it to the non-devel version?
It seems like I could tweak this further without upgrading the haproxy package to devel so I'm going to keep it on the stable release for now, but it is good to know it might be easier in the future. I looked all over today and kept getting back to this post.
In the "Actions" table, look for the "Condition acl names" column. You can enter one or more ACL names for any action, separated by spaces. If you enter more than one ACL name for an action, ALL ACLs must match for the action to occur (ANDed conditions).
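The AND semantics described above, shown in the raw HAProxy configuration the pfSense package generates from those GUI fields (added illustration, not the package's own output; ACL names, networks and backends are made up). Two names in the "Condition acl names" field become two names on one `if` clause, which HAProxy ANDs. To get OR you either write a second action with the same target or, as the last block shows, define the same ACL name twice, since repeated `acl` lines with one name are ORed by HAProxy:

```haproxy
frontend http_in
    bind *:80

    acl is_api   path_beg -i /api
    acl is_admin path_beg -i /admin
    acl from_lan src 192.168.1.0/24

    # "Condition acl names" = "is_api from_lan" -> both must match (AND).
    use_backend be_api_internal if is_api from_lan

    # A negated name still ANDs with its neighbours:
    # deny /admin unless it comes from the LAN.
    http-request deny if is_admin !from_lan

    # OR within one action: repeat the acl name with another pattern.
    # Either line matching makes "trusted_src" true.
    acl trusted_src src 192.168.1.0/24
    acl trusted_src src 10.10.0.0/16
    use_backend be_admin if is_admin trusted_src

    default_backend be_web
```

A practical consequence for the GUI: if a rule seems never to fire after you add a second ACL name, check whether you actually wanted "either", because the space means "both". Splitting the condition into two actions with the same backend, or adding a second ACL entry with the same name, is how an OR is expressed.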