• Squid + https

    52
    0 Votes
    52 Posts
    7k Views
    DaddyGoD

    @Abdou-Ahmed said in Squid + https:

    just add it in mikrotik

    well, please specify this, please what kind of Mikrotik???
    I'm pretty prepared in the "picture" - Mikrotik...
    (all our CATV traffic is provided by Mikrotik devices)

  • Can't login to skype after using squid proxy

    8
    0 Votes
    8 Posts
    834 Views
    DaddyGoD

    @dealornodeal said in Can't login to skype after using squid proxy:

    ofcourse it may be hardware mailfunction or just MS Windows added some crappy things into BIOS management system..

    pfSense / FreeBSD, cannot change the BIOS this is the fact...

    Under UEFI you can win, modification like EasyBCD...
    https://neosmart.net/EasyBCD/

  • Guest VLAN and Haproxy/acme

    Moved
    4
    0 Votes
    4 Posts
    520 Views
    A

    I was on summer break, hence the late reply. I guess I started with step 7.

    Thanks for your reply! I will give it a try.

  • Squidguard-Target Category-Regular Expression broken?

    1
    0 Votes
    1 Posts
    403 Views
    No one has replied
  • Encypted Alert 21 (tls v1.2) - HAProxy issue

    1
    0 Votes
    1 Posts
    359 Views
    No one has replied
  • After upgrade to 2.4.5 HAproxy doesn't work by outside ( WAN) traffic

    7
    0 Votes
    7 Posts
    869 Views
    M

    i have the same problem, but doesnt seem to what reza3sw said. though seen i found it to stop working, i have had a change in internet service provider, and having a dual wan, i edited 1 of those for the new service. i did have a config backup a couple mpnths old that in a test i uploaded that on the new pfsense version, and it works.

  • Whitelist

    2
    0 Votes
    2 Posts
    193 Views
    C

    The proxy config snippet generated from the whitelist uses the acltype dstdom_regex

    acl aclname dstdom_regex [-n] [-i] .foo.com ...
    # regex matching server [fast]
    #
    # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
    # based URL is used and no match is found. The name "none" is used
    # if the reverse lookup fails.

    Even if it used dstdomain before, the asterisk character was invalid syntax and possibly ignored by the parser.

    Short answer:
    You have to adapt your whitelist or patch the code.

    For adapting your whitelist:
    The dot-Character has a special meaning in regex. If you want to include the '.' as in '.microsoft.com', you have to escape it: '.microsoft.com'
    (and: squid knows the end of the domain name, you don't have to append the '.' in the end)

    The correct migration would be:
    *.microsoft.com. → .microsoft.com

  • Haproxy - bind abstract namespaces addresses (abns@)

    6
    0 Votes
    6 Posts
    5k Views
    B

    Thanks for your help @PiBa everything is clear to me now!
    Benoit

  • This topic is deleted!

    2
    0 Votes
    2 Posts
    2 Views
    No one has replied
  • Allow facebook messenger but block facebook website

    1
    0 Votes
    1 Posts
    199 Views
    No one has replied
  • Enable SSL filtering with mikrotik router

    1
    0 Votes
    1 Posts
    148 Views
    No one has replied
  • HAProxy backend over VPN

    1
    0 Votes
    1 Posts
    273 Views
    No one has replied
  • Random problems accessing HTTPS pages error PR_END_OF_FILE_ERROR

    2
    1 Votes
    2 Posts
    748 Views
    M

    @moti4553 help @stephenw10 Dear we still present the problem, I already put DNS to IP 127.0.0.1, but the problem there is that I do not see my internal applications, please could you give me a light

  • Old data

    2
    0 Votes
    2 Posts
    166 Views
    DaddyGoD

    @Simbad

    Hi,

    This is not a problem, in fact, they have been in this version for a long time.
    AV filtering on the firewall doesn't really have a reason for existence, especially since it only applies to http

    the daily.cld is updated and this is the essential momentum

    http://database.clamav.net/main.cvd
    http://database.clamav.net/daily.cvd
    http://database.clamav.net/bytecode.cvd

    https://www.freshports.org/www/squidclamav

    ba5e4004-0758-414d-b052-89a06f592b7e-image.png

  • Haproxy and smugling fix

    1
    0 Votes
    1 Posts
    160 Views
    No one has replied
  • Cache Poisoning Issue in HTTP Request processing

    1
    0 Votes
    1 Posts
    113 Views
    No one has replied
  • QoS3: Secure Caching in HTTPS Based on Fine-Grained Trust Delegation

    1
    0 Votes
    1 Posts
    98 Views
    No one has replied
  • 0 Votes
    4 Posts
    786 Views
    GertjanG

    As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything.

    But :
    The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway.
    The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all.
    etc etc .

  • Squid certificates

    2
    0 Votes
    2 Posts
    188 Views
    GertjanG

    See https://forum.netgate.com/topic/155280/squid-https/3

  • new fun and odd issue with squid/wpad on pfsense with android!

    4
    0 Votes
    4 Posts
    548 Views
    GertjanG

    @High_Voltage said in new fun and odd issue with squid/wpad on pfsense with android!:
    These
    .microsoft.com .windowsupdate.com .akamaitechnologies.com .akadns.net
    should not (never) be cached.
    Example : if the windows update isn't guaranteed to from "the source" then every windows install is at risk. Microsoft couldn't tolerate that situation, it could kill the company overnight.

    So this

    acl splice_it ssl::server_name .reddit.com

    handles everything going to / coming from is handled the same way.
    ( no need to read a a manual to understand that ^^ )

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.