@kabeda contact Squid's user support email address they can help you. I also have the ec decode errors with the latest version however it works for me.

squid-users@lists.squid-cache.org

@johnpoz In the screenshot below, access is denied when updating. Or is it like this for everyone?8.jpg

@Gamienator-0
Aliases can be used straight forward in ACLs.
For instance to use an alias for some IPs, set the ACL expression to "Source IP matches IP or Alias" and enter the alias for the value.

@stephenw10

I added the photos again however it was saying invalid path also when i went to add them. I think this fixed it.

@andyc23 said in HAProxy json-rpc healthcheck - need help with my example:

@andyc23
I solved this by having this in the advanced pass through.
Hope it helps someone else:

option httpchk POST / HTTP/1.1\r\nHost:\ haproxyservices\r\nContent-Type:\ application/json\r\nContent-Length:\ 76\r\n\r\n"{\"jsonrpc\":\"2.0\",\"method\":\"eth_syncing\",\"params\":[],\"id\":1}" http-check expect string false

I do get a warning though >

[WARNING] 185/013305 (92736) : parsing [/var/etc/haproxy/haproxy.cfg:132]: 'option httpchk' : hiding headers or body at the end of the version string is deprecated. Please, consider to use 'http-check send' directive instead.

not sure if important.

Sorry for bumping this old thread.

I had everything working as above, but now, since i've updated haproxy -

i now get this issue:

[ALERT] (50668) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:181] : 'option httpchk' : hiding headers or body at the end of the version string is unsupported.Use 'http-check send' directive instead..

i've tried:

http-check send meth POST uri / ver HTTP/1.1 hdr Host haproxyservices hdr Content-Type application/json hdr Content-Length 60 body "{"jsonrpc":"2.0","method":"eth_syncing","params":[],"id":1}"
http-check expect string false

anyone able to help me set the correct backend passthru?

@stephenw10

I am missing my photos :( Can you help with a couple of these posts the photos are vanishing ..

@Antibiotic

Ref:
http://www.squid-cache.org/Doc/config/memory_pools_limit/

Try to change this to a higher value if your firewall can handle it

@gurpal2000
We are talking about backends.

There is a "Default Backend" setting in the frontend. This is used if no rule matches a traffic.

Howerver, you can as well add an action for the primary backend and negate the existing ACL.

@nalle_j
So you have to investigate, what's going wrong.

I assume, that the packets reach the remote backend server, since the health check succeed, as you wrote.

To get sure, sniff the traffic at the remote site. First on the server-facing interface. If you can see requests and responses either, sniff on the Wireguard interface, and if there are no responses, sniff on the WAN to see if the packets go out to the default gateway.

Any tips on how to get this working?

@johnpoz, you are correct. I should have added that in my head it seemed like a security issue but it obviously wasn't because of the default rules.

This is pretty complex I use a separate VLAN that only gets the resources it needs for VPN but check your ACLs and if you really want to send VPN traffic into the proxy you need to force that traffic into the proxy NAT it

UPDATE 4-25-24

Added timeframes to secure web cache use

Add this to the top of the config

acl block_hours time 01:30-05:00 ssl_bump terminate all block_hours http_access deny all block_hours