• Squid ICAP Protocol Error

    1
    0 Votes
    1 Posts
    353 Views
    No one has replied
  • Name solution with Local HAproxy+services?

    2
    0 Votes
    2 Posts
    471 Views
    MrPeteM
    we decided to go with: xyz-web -- for all internal web interfaces
  • E2GUARDIAN QUESTIONS

    2
    0 Votes
    2 Posts
    682 Views
    A
    and another thing: I have two interfaces, LAN 192.168.1.1 and wifi 172.168.0.1; on the LAN it is OK, but what should I do to use it on the wifi as well, since they are different IP ranges?
  • HAProxy with pfSense + Docker Swarm + Nginx

    1
    0 Votes
    1 Posts
    684 Views
    No one has replied
  • Squidguard has stopped filtering Shallalist after pfsense 2.5.0 upgrade

    5
    0 Votes
    5 Posts
    1k Views
    M
    Hello, today I ran into this problem, and in the last version available today (I think it was 1.16.18_20) when checking the system log I could see that the error is due to the file being treated as a ".tar" file without compression. When I downloaded the file on another host, unzipped it, and used the url with the .tar file, it managed to extract and process the list of categories correctly. Here is the log that showed what the package was trying to do:

    Sep 10 14:01:33 firewall php[10138]: squidGuard_blacklist_update.sh: The command '/usr/bin/tar zxvf /tmp/squidguard_blacklist.tar -C /tmp/squidGuard/unpack' returned exit code '1', the output was 'tar: Failed to set default locale tar: Error opening archive: Unrecognized archive format'
    Sep 10 14:01:43 firewall php[10138]: squidGuard_blacklist_update.sh: The command '/bin/cp -f -p /tmp/squidGuard/arcdb/blacklist.files /usr/local/etc/squidGuard' returned exit code '1', the output was 'cp: /tmp/squidGuard/arcdb/blacklist.files: No such file or directory'

    Greetings
  • Blacklist

    1
    1 Votes
    1 Posts
    343 Views
    No one has replied
  • HAproxy frontend disintegrates if too many rules are added.

    1
    0 Votes
    1 Posts
    264 Views
    No one has replied
  • can i use the ACL name as part of the backend server name?

    2
    0 Votes
    2 Posts
    397 Views
    P
    So this is what I need to get away from, since there is obviously a max number of rows pfSense accepts. I have reached that maximum.....
  • 0 Votes
    4 Posts
    3k Views
    stephenw10S
    Right, so if Squidguard is blocking that traffic it will try to display an error page, but that is hosted in the firewall behind that self-signed cert over https. As a test only, try setting the firewall webgui to http. If that works you need to change the Squidguard settings to either not display an error page or redirect to an externally hosted page over http. Steve
  • HAproxy-Devel config GUI bug

    haproxy bug backend acl
    1
    0 Votes
    1 Posts
    662 Views
    No one has replied
  • Squid Proxy Server

    squid
    1
    0 Votes
    1 Posts
    810 Views
    No one has replied
  • HAProxy valid certs at host

    2
    0 Votes
    2 Posts
    458 Views
    R
    @rupesh Issue resolved. Found this great post @ https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends
  • HAproxy return 403 or pfsense webGUI overides port 80

    haproxy
    1
    0 Votes
    1 Posts
    356 Views
    No one has replied
  • Error 503 Squid proxy access with NAT reflection + proxy

    1
    0 Votes
    1 Posts
    227 Views
    No one has replied
  • If I cancel the authentication request, the web page loads correctly

    1
    0 Votes
    1 Posts
    235 Views
    No one has replied
  • 0 Votes
    2 Posts
    555 Views
    J
    Note: My Squid is not in Transparent mode because I need to authenticate users.
  • Using HAproxy for internal web servers

    7
    0 Votes
    7 Posts
    6k Views
    C
    @derelict thanks a lot for providing insights on your setup! I'd be interested in setting up something similar and have a couple of questions I was hoping you could help answer. I made an RFC1918 VIP on localhost. Unfortunately it's this very first point I already don't understand. If my understanding of the documentation is correct then an IP Alias (VIP) is simply an additional IP address one can assign to an interface, right? If so, what is the purpose of assigning it to localhost? So that it is reachable from each of the local interfaces/networks? HAproxy binds to that. Why not bind it to the WAN interface/address? I port forward WAN to that. I guess that's necessary because the HAProxy is bound to the VIP and not the WAN address? I have split DNS inside pointing to the inside VIP address. What does this mean exactly? Do you have a domain override for your domain(s)? If so, what's the purpose of that? To avoid NAT reflection that you mentioned in your post above? Outside DNS, of course, points to WAN through various Dynamic DNS trickery. I CNAME all the domains to one record that is updated via Dynamic DNS (on hurricane). I use a wildcard certificate and have only a * CNAME and an A DNS record pointing to my WAN address (dynv6.com as dynamic DNS provider). I have the DNS-01 challenge running and the certificate is currently retrieved via a dedicated certbot instance and used on a dedicated nginx instance. However, I'd like to switch to the pfsense HAProxy/ACME setup. It all works great. The nextcloud app on my phone does not care if it is inside or outside. It just works. The ACME package handles all the certs. inside or outside get the same ones. Connections to the backends are unencrypted. And, like you, I grew weary of maintaining certificates on all the backends and haven't thought about it for months. If I'm not mistaken, I could keep the traffic encrypted even in the backend with my dedicated nginx reverse proxy, right? So HAProxy would do the SSL/TLS offloading and communicate via https with my dedicated nginx reverse proxy (which in turn is proxying to the various docker containers/services I have). The HAProxy would also be used for various other hosts on the network (via host overrides), including the pfsense host itself, in order to get rid of the self-signed certificate warnings. As all the other hosts have https enabled by default, the complete traffic should be encrypted and a valid certificate should be provided by the HAProxy. Or am I missing something here? The only thing that might need further consideration is limiting access to the internal hosts, i.e. they should not be reachable from outside. I guess that's what the HAProxy access lists are for?
  • Log Pages Denied by SquidGuard? (SOLVED)

    10
    0 Votes
    10 Posts
    5k Views
    K
    @kasalencar below this line $sge_prefix=(preg_match("/\?/",$cl['u'])?"&":"?");
  • A few squid questions

    3
    0 Votes
    3 Posts
    618 Views
    F
    @kom I'm totally open to rethinking it. I was reading about what Squid does with caching and figured it would be really useful. But hey, if it's not then it's not. One less thing for me to worry about. I'll look into webcrawlers and site downloaders. My connection speed is rarely an issue, but you know our connection to a site is only as fast as the site is. Even then, maybe I will just dump the entire idea. Thx for the reply!
  • Squid Proxy not working with WhatsApp (not transparent mode)

    3
    0 Votes
    3 Posts
    2k Views
    J
    @Michele-trotta I'm not using transparent mode, but to make WhatsApp work, I had to whitelist whatsapp.net and whatsapp.com.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.