@s0p4l1n If you want to do URL filtering, use squidguard.

@notgato said in Haproxy, pfsense and synology’s multiple services: i can get some inspiration from this... that's for sure, because we manage nearly 40 streams, so... on this way. (sorry for the Hungarian language, but I'm not the only one using this interface Syno 6x SA3200D) We've been using Syno stuff for 14 years, happy to help, just ask

@daddygo We use a starface phone-system and every soft-client uses 5060. And also starface itself uses 5060 to connect to our sip-providers through the internet.

Anyone for help? Thank you

I finally cracked it. In order for the settings for the frontend to work, a matching SNI filter was needed so that the crt-list would kick in. Settings for the sub-frontend for client side certs were ignored without the SNI match.

@kom Works fine!! I had made the import without specifying in which store. tks

Hi all, Regular expression in the squidguard is also not working. I tried to make several blocks including using: \.facebook.com and even then it does not block. It only works when I put it in the domains box.

@rle,  I'll definitely look more into RADIUS. I guess I forgot to mention the fact that I have HAproxy up and running, but it's currently only working for HTTP and HTTPS on ports 80 and 443, respectively. I'm also already running Snort with the paid rules set. I understand Suricata is somewhat better with Layer 7 app detection. Specifically, it can identify HTTP and SSH traffic on non-standard ports, which would likely be more beneficial in this use case now that you mention it. Trust me, I'm the same way! I'm learning as I go here! :-)

@piba see also https://github.com/pfsense/FreeBSD-ports/pull/1066

@memphis2k Anybody? Is this not possible? Just looking for some thoughts

@mcury Thanks for the reply, so got it working, i used the pf2ad script but on ldap for squidguard how to add a group with a space the group is called domain users ldapusersearch ldap://apolo.casa.local:3268/DC=casa,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=domain users%2cCN=Users%2cDC=casa%2cDC=local))

@johnpoz I am using the non-devel haproxy 0.61_1, so that is probably the difference. I'd imagine these changes in devel will eventually make it to the non-devel version? It seems like I could tweak this further without upgrading the haproxy package to devel so I'm going to keep it on the stable release for now, but it is good to know it might be easier in the future. I looked all over today and kept getting back to this post.

In the "Actions" table, look for the "Condition acl names" column. You can enter one or more ACL names for any action, separated by spaces. If you enter more than one ACL name for an action, ALL ACLs must match for the action to occur (ANDed conditions).