@viktor_g That solves my problem on

Version 2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE

I guess I need to upgrade the

Version 2.3.5-RELEASE-p2 (i386)
built on Thu May 10 15:03:18 CDT 2018
FreeBSD 10.3-RELEASE-p29

Thank you for you patience and support

Hi, I tried to use mixed mode and it works as expected (including LightSquid). ☺

I admit that this is one of the problems with Squid as a package with pfSense, it doesn't rely on automatic log rotation and clean-up. I still do it manually, but if there is a software that can do this automatically, I'm in.

@dragoangel Thank you, you are correct. I am my way to becoming versed with HAProxy.

Layer 4 connection problem - connection refused is clearly says that port you mention doesn't open or listen. So: or you have firewall issues on your server or app not listen on server IP you are pointing.

@aGeekhere I'll look into this right now actually, took me a bit longer than I'd like it to have, for me to get to this. I'll add them in and see how it goes, thank you!

EDIT: oh my lord that's funny, that article you'd linked is one of the sources I actually did use when compiling that list that I posted in the github that I'd had in my original post haha.

changes committed to the github, thank you again.

thanks @viktor_g

@srlek Hi, srlek
Thank you for your reply.

dunno why you need clash

Because I am in China, the gov blocks a lot of websites.

but for proxying https you need squid-guard on pfsense

I have installed squid-guard package, and I set target rules=all, and it doesn't work.

Maybe I need more knowledge about routing. 😂 😂 😂

@viktor_g Thanks will do!

Thanks, it looks like it was working just the account got locked out, had to reset it.

@viktor_g
Thanks, installed, function seems to be ok (but upgrading process was problematic this time).

happen also to me during update to 2.4.5-RELEASE-p1, squidguard stuck at reboot on deinstall

@skilledinept
What does the haproxy status page LastChk column say when you enable "SSL checks" on the server, and configure healthcheck method to 'http' ? Wrong method? Try GET perhaps? Or wrong host, try adding a Host header? Or forbidden? Try allowing the 401 status as valid.

@aGeekhere said in Problem accessing the site (SSL Certificate expired on: May 30 10:48:38 2020 GMT):

SPLICE ALL

Thank you,
The option "SPLICE ALL" solve the problem

I set up squid authentication with LDAP, and I'm trying to create a group ACL, I'm passing the settings just as pfsense says

ldapusersearch ldap://192.168.0.100/DC=domain,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=domain%2cDC=com))

but this group acl does not block the blacklist sites, when I create a group acl and place a single user it works which is a beauty

That worked great. I didn't realize you could put the resolvers under global and still have it work.

@noplan Thanks for the reply.

Naw... I've tried that. It doesn't work for my setup. Pfsense returns two IPs for that hostname...but the 1st IP is the real server IP...the 2nd IP is the 'override' ... besides I can't ssh into the server if the override IP is the only one that resolves for that hostname...

Just starting to accept the fact that this solution won't work for my setup.