• Encypted Alert 21 (tls v1.2) - HAProxy issue

    1
    0 Votes
    1 Posts
    359 Views
    No one has replied
  • After upgrade to 2.4.5 HAproxy doesn't work by outside ( WAN) traffic

    7
    0 Votes
    7 Posts
    866 Views
    M

    i have the same problem, but doesnt seem to what reza3sw said. though seen i found it to stop working, i have had a change in internet service provider, and having a dual wan, i edited 1 of those for the new service. i did have a config backup a couple mpnths old that in a test i uploaded that on the new pfsense version, and it works.

  • Whitelist

    2
    0 Votes
    2 Posts
    191 Views
    C

    The proxy config snippet generated from the whitelist uses the acltype dstdom_regex

    acl aclname dstdom_regex [-n] [-i] .foo.com ...
    # regex matching server [fast]
    #
    # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
    # based URL is used and no match is found. The name "none" is used
    # if the reverse lookup fails.

    Even if it used dstdomain before, the asterisk character was invalid syntax and possibly ignored by the parser.

    Short answer:
    You have to adapt your whitelist or patch the code.

    For adapting your whitelist:
    The dot-Character has a special meaning in regex. If you want to include the '.' as in '.microsoft.com', you have to escape it: '.microsoft.com'
    (and: squid knows the end of the domain name, you don't have to append the '.' in the end)

    The correct migration would be:
    *.microsoft.com. → .microsoft.com

  • Haproxy - bind abstract namespaces addresses (abns@)

    6
    0 Votes
    6 Posts
    5k Views
    B

    Thanks for your help @PiBa everything is clear to me now!
    Benoit

  • This topic is deleted!

    2
    0 Votes
    2 Posts
    2 Views
    No one has replied
  • Allow facebook messenger but block facebook website

    1
    0 Votes
    1 Posts
    199 Views
    No one has replied
  • Enable SSL filtering with mikrotik router

    1
    0 Votes
    1 Posts
    148 Views
    No one has replied
  • HAProxy backend over VPN

    1
    0 Votes
    1 Posts
    272 Views
    No one has replied
  • Random problems accessing HTTPS pages error PR_END_OF_FILE_ERROR

    2
    1 Votes
    2 Posts
    748 Views
    M

    @moti4553 help @stephenw10 Dear we still present the problem, I already put DNS to IP 127.0.0.1, but the problem there is that I do not see my internal applications, please could you give me a light

  • Old data

    2
    0 Votes
    2 Posts
    166 Views
    DaddyGoD

    @Simbad

    Hi,

    This is not a problem, in fact, they have been in this version for a long time.
    AV filtering on the firewall doesn't really have a reason for existence, especially since it only applies to http

    the daily.cld is updated and this is the essential momentum

    http://database.clamav.net/main.cvd
    http://database.clamav.net/daily.cvd
    http://database.clamav.net/bytecode.cvd

    https://www.freshports.org/www/squidclamav

    ba5e4004-0758-414d-b052-89a06f592b7e-image.png

  • Haproxy and smugling fix

    1
    0 Votes
    1 Posts
    160 Views
    No one has replied
  • Cache Poisoning Issue in HTTP Request processing

    1
    0 Votes
    1 Posts
    113 Views
    No one has replied
  • QoS3: Secure Caching in HTTPS Based on Fine-Grained Trust Delegation

    1
    0 Votes
    1 Posts
    98 Views
    No one has replied
  • 0 Votes
    4 Posts
    780 Views
    GertjanG

    As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything.

    But :
    The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway.
    The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all.
    etc etc .

  • Squid certificates

    2
    0 Votes
    2 Posts
    188 Views
    GertjanG

    See https://forum.netgate.com/topic/155280/squid-https/3

  • new fun and odd issue with squid/wpad on pfsense with android!

    4
    0 Votes
    4 Posts
    545 Views
    GertjanG

    @High_Voltage said in new fun and odd issue with squid/wpad on pfsense with android!:
    These
    .microsoft.com .windowsupdate.com .akamaitechnologies.com .akadns.net
    should not (never) be cached.
    Example : if the windows update isn't guaranteed to from "the source" then every windows install is at risk. Microsoft couldn't tolerate that situation, it could kill the company overnight.

    So this

    acl splice_it ssl::server_name .reddit.com

    handles everything going to / coming from is handled the same way.
    ( no need to read a a manual to understand that ^^ )

  • Squid local users

    13
    0 Votes
    13 Posts
    1k Views
    Y

    @viktor_g That solves my problem on

    Version 2.4.5-RELEASE-p1 (amd64)
    built on Tue Jun 02 17:51:17 EDT 2020
    FreeBSD 11.3-STABLE

    I guess I need to upgrade the

    Version 2.3.5-RELEASE-p2 (i386)
    built on Thu May 10 15:03:18 CDT 2018
    FreeBSD 10.3-RELEASE-p29

    Thank you for you patience and support

  • HAProxy Slow

    1
    0 Votes
    1 Posts
    267 Views
    No one has replied
  • Does Squid support 2020 LDAP channel binding ?

    22
    0 Votes
    22 Posts
    2k Views
    C

    Hi, I tried to use mixed mode and it works as expected (including LightSquid). ☺

  • How to clear & clean squid logs safe?

    6
    0 Votes
    6 Posts
    4k Views
    AlexAlex0A

    I admit that this is one of the problems with Squid as a package with pfSense, it doesn't rely on automatic log rotation and clean-up. I still do it manually, but if there is a software that can do this automatically, I'm in.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.