• Pfsense squid squidguard stopped after message

    1
    0 Votes
    1 Posts
    144 Views
    No one has replied
  • Trying to use ssl_fc_sni dynamically..

    1
    0 Votes
    1 Posts
    275 Views
    No one has replied
  • HAProxy - Cookie Protection

    3
    0 Votes
    3 Posts
    796 Views
    P

    @PiBa

    As this is a production system, let me stand up a test device and will execute your instructions there. If that goes well then I will execute on the production system to make sure it works for us.

  • Squid with Kerberos and bypass on non-authentication

    1
    0 Votes
    1 Posts
    239 Views
    No one has replied
  • Squid Kerberos fallback

    2
    0 Votes
    2 Posts
    458 Views
    J

    I realized I forgot to say what the goal of this is!
    The goal is to log usernames if they are connected to the domain, and just let pass those who are not. But "http_access allow all" seems to be ignored...

  • ACLs' precedence

    5
    0 Votes
    5 Posts
    559 Views
    dragoangel

    @skilledinept here is a good article: https://cbonte.github.io/haproxy-dconv/

  • HAProxy 1.7.12 and log real client IP

    3
    0 Votes
    3 Posts
    310 Views
    kiokoman

    I don't think you can see it anymore.

    haproxy / backend / advanced configuration

    Transparent ClientIP

    but read the warning

  • Redirection of JBoss web server using HAproxy with ACL

    10
    0 Votes
    10 Posts
    744 Views
    W

    @dragoangel Yes, it is already resolved, it is now possible to redirect successfully to my web application, and already using https, as shown in the image below.

    Captura de tela de 2020-10-27 14-54-55.png

    I take this opportunity to thank you and everyone who somehow interacted for a solution to my problem, grateful for all the support and patience in the instructions.

  • HAproxy slow on WAN jagged throughput

    31
    0 Votes
    31 Posts
    5k Views
    dragoangel

    @S_m did you try http/2? In theory it does not help with one big file, but still. Also you can try something like loader.io

  • HAproxy connection reset

    4
    0 Votes
    4 Posts
    4k Views
    dragoangel

    Correct answer: stop using tcp mode for an http backend. This is stupid tbh! You lose all the benefits of haproxy you could have.

    Haproxy can also have letsencrypt (acme). Moreover, it is a better way to handle ssl on the haproxy frontend than on iis, where you are simply in a black hole with a tls setup which applies only after reboot, http/2 not working correctly, and much more stuff about what benefits haproxy has with http and misses with tcp... If you want to have full encryption, this is also not an issue: you create your own CA on pfsense, issue your own certificate from this CA for 10 years and put it on iis. Haproxy connects to iis over https and also validates that the ssl is not faked. For the frontend you use the same lets encrypt...

  • 0 Votes
    4 Posts
    441 Views
    dragoangel

    Jti I also never had such a bug, while I had many pfsense with haproxy in various setups

  • E2guardian authenticating via LDAP

    1
    0 Votes
    1 Posts
    185 Views
    No one has replied
  • Transparent auth via RADIUS accounting?

    1
    0 Votes
    1 Posts
    165 Views
    No one has replied
  • certificate management on pfsense machine and clients

    3
    0 Votes
    3 Posts
    401 Views
    K

    @DaddyGo Thanks, I will the second option. Maybe I will have to do something more on Linux, but I will. Best regards, Kiran

  • Proxy: content filtering, IP/DNS filtering, TLS 1.3

    2
    0 Votes
    2 Posts
    413 Views
    Gertjan

    @trilobite said in Proxy: content filtering, IP/DNS filtering, TLS 1.3:

    I know there is a lot in the Netgate forums but I find much is quite outdated.

    Because, as you already discovered: the MITM concept is entering its final, ending phase. It's getting really hard.
    It's not only you who tries to enforce privacy. The entire browser - network - server setup goes that way. It's actually you who wants this happening. For all of us. And good rules do not permit exceptions ;)

    Also: OpenDNS might have some good (never perfect) results as you off-load the tedious and ongoing filtering work to others. And yeah, they will say 'no' if your DNS filtered network was asking for the 'p0rn.xxx' domain name. And now they know. Up to you to trust them.
    If you do not want others to see what you do, then it will be you and your network, which means you'll have to invest in hardware - like a dedicated proxy machine for best results - and lots of your time, which will be an ongoing battle, as the net and its tricks and rules change all the time.
    It might be easier to take control of the device your kids are using.

    PS : Actually happy that mine are over 25.

  • Squidguard update fails after upgrading pfSense 2.4.5-RELEASE-p1

    54
    5 Votes
    54 Posts
    18k Views
    J

    I had the same problem. Turned off ClamAV in Squid and problem solved.

  • discovered squid actually works, for windows, but not so much android

    4
    0 Votes
    4 Posts
    468 Views
    A

    For android you may have to manually set the proxy for it. Proxy auto config had issues with android.

  • Why SSL default port is 3129 and not 3128 ???

    1
    0 Votes
    1 Posts
    153 Views
    No one has replied
  • Squid SSL 3129 port woes

    4
    0 Votes
    4 Posts
    3k Views
    ?

    @rnholvast

    so how it may work together.. ???
    I mean... 3129 port set by default in PFS and port 2128 set in firefox ???

  • 0 Votes
    2 Posts
    1k Views
    M

    Take a good look at what's getting blocked in your log files, it's easy to break google products because of their spyware/tracking integration.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.