@piba Thanks I have managed to fix the issue, the docker container didn't have the ws listening port open. Thankyou for your help

Here are some screenshots: Here we can see that the number of "current conns" requests increases exponentially. So I deduce that Haproxy is not able to distribute the requests to the servers in the backend. [image: Screenshot-1.png] In the backend we can see that the servers have responded individually to a maximum of 64 requests per server and 190 when adding all the servers together. Whereas without using haproxy we get 500 requests per server per second. [image: Screenshot-2.png] Finally, I realized that the problem was visible before the backend. Directly in the frontend. On the screenshot you can see that the frontend transfers a maximum of 180 requests per second. Maybe the web servers receive a defined number of requests and therefore can't respond to more requests than previously received from the frontend. [image: Screenshot-3.png] The data in the screenshots come from a test corresponding to 2000 https requests in 10 seconds. That is 200 requests per second.

@daddygo said in Squid Error Access HTTP Website: @peter_apiit said in Squid Error Access HTTP Website: I have configured squid in transparent proxy but could not load any webpage. Hello, What do you use a transparent proxy for? (proxy in SOHO?) This is always the question. glassdoor uses http to https redirection, ergo an http based proxy is not relevant here Squid and the like, weird animals since we love https... a serious and workable configuration will be painful,..... can be I would pay attention to these in your place: SSL MITM [image: 1608382781647-41960390-e636-4674-8d75-35aec40a2503-image.png] the ICAP error is a warning anyway, maybe a configuration error? so give me more handrails Thanks for your prompt reply. After added acl network list, it working successfully. Thread closed.

@tomschlick No problem! I was having trouble finding examples of this in any of the documentation myself, its not entirely obvious that you can simply specify more than one ACL in the Haproxy action table. So I myself was trying to figure this out and luckily somebody answered my question on HAProxy forums. I will add to this that if you reference a pfsense alias that you have to restart the haproxy service if you add any additional entries to the alias, at least this seems to be the behavior I was noticing.

@falassion said in Squidguard stop Squid Proxyserver: I’m trying to set up proxy for cache web pages and for the antivirus tool. I understand, thanks for the info about you we also run it in several copies (Squid)... (250 - infinity) but they are only used to cache internal intranets (http) and such things.. the proxy assumes a serious configuration, as MITM and HTTPS are exist http virus filtering is almost negligible as there are few such requests these days, so installing a single proxy due to CLAM AV is unnecessary and not worth it... and endpoint protection is the primary device... so what can I do for you, I need a more serious description of what you want to achieve?

Hi, Just to update... We have changed our ethernet cable and I have tick the "disable Gateway action". We didn't have any issue since we did that :-) It will be interesting to confirm who is the culprit by uncheck the tick (disable gateway action), I will see if I do... Thanks !

@viberua Right. I did some reading on what Splice is capable of and it does seem Splice can see the domain name (not the full URL), but only after the tunnel is closed. It is then logged, rather than Bump which actually looks at the whole URL and replaces the certificate. But, this has its own set of problems for mobile devices.

Anyone? Please help me pfsense guru? Should I try to delete their browser cache, cookies and history?

We did a hangout on it: https://youtu.be/FJSHMyrd29E There is some relayd stuff there too but it's mostly about setting up HAProxy. Steve

@briang70 Yep, have same issue. I've solved this with disable MITM mode before, but today i tried clear cache and is helped. Dec 4 05:00:10 kernel pid 85818 (squid), jid 0, uid 100: exited on signal 6 Dec 4 05:00:11 kernel pid 86437 (squid), jid 0, uid 100: exited on signal 6 Dec 4 05:00:13 kernel pid 96986 (squid), jid 0, uid 100: exited on signal 6 Dec 4 05:00:15 kernel pid 654 (squid), jid 0, uid 100: exited on signal 6 Dec 4 05:00:16 kernel pid 3896 (squid), jid 0, uid 100: exited on signal 6 Dec 4 05:00:18 kernel pid 7281 (squid), jid 0, uid 100: exited on signal 6 Dec 4 05:01:05 Squid_Alarm 81770 Squid has exited. Reconfiguring filter. Dec 4 05:01:05 Squid_Alarm 82248 Attempting restart... Dec 4 05:01:08 Squid_Alarm 90439 Reconfiguring filter... Dec 4 05:01:08 check_reload_status Reloading filter Dec 4 05:01:10 php-fpm 44241 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules. Dec 4 05:01:10 php-fpm 44241 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules. Dec 4 05:01:10 php-fpm 44241 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules. in this thread we talking about it, and waiting for resolving https://forum.netgate.com/topic/153933/solved-squid-0-4-44_25-assertion-failed-http-cc-1533-comm-monitorsread-serverconnection-fd In PfSense redmine is created task https://redmine.pfsense.org/issues/10608 Need to wait for new ported squid version for PfSense. In FreeBSD this issue already patched.

Fresh news. When MITM enabled in Splice all mode - Chrome Remote Desktop is connecting. Even with removed ip 74.125.247.128 from ACL whitelist. Will try to compare config with this two modes and add this ip to exclusion list.

@aGeekhere yeah i read those threads, hope soon squid will be patched About error in cache log, i don't have time to check logs (all work is stopped), just searching solution, and found it when i disabled MITM mode. May be i don't understand well what is splice all mode doing. But yellow marked text make me think that it should work. Because with disabled MITM is work the same as with enabled MITM Splicle All [image: 1606736053602-fc1db843-9c3a-49c9-b509-2fdcfb339c16-%D0%B7%D0%BE%D0%B1%D1%80%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F.png]

I have found difference between this two cases, and now i know what is cause this problem. In first case url was with https:// in second with http:// . Now our Squid have issues with MITM mode and https:// content not filtering. Will hope in next updates issue with MITM will be solved.

Any news?

The same discussion is running on this thread, so closing this issue https://forum.netgate.com/topic/153933/solved-squid-0-4-44_25-assertion-failed-http-cc-1533-comm-monitorsread-serverconnection-fd/12?_=1605797794715