new version from pf2ad is working :)

@zacha fixed in squid 0.4.44_15

@C0RR0SIVE said in Squid proxy NONE/503: I just use Shallalist for my SquidGuard, it helps block some common annoyances really, don't think it has been updated in some time though. More useful if you have kids trying to get to porn sites more than anything IMO. Yeah, I use Unifi AP's and a Captive Portal in my Unifi software that requests they setup the proxy on their device using a proxy.pac file that's stored on a local webserver. When they pull from that file they go through HTTP/S just fine. If they don't they just get rejected on 443/80. Haven't had an issue with guests doing that so far. I also make sure I link to instructions stored on the local web server so they can follow those. I have done some testing, but nothing concrete yet... I was on 2.4.5, and have been having some other issues with it. I decided to compile a version of 2.4.4-p3 and installed that, then restored all my settings. So far SQUID + SquidGuard has been rather stable and fast. I suspect the issue isn't just SQUID, but 2.4.5. Can you confirm what version of PFSense you are on? I still see 503 errors, but those look purely SquidGuard and PFBlocker related (as in, what I am seeing, the URL is in my SquidGuard list or tied to a list on PFBlocker). I see. I use Unifi AP's/controller too so we pretty have a similar setup. I have to play around with Squidguard when this issue gets fixed. I'm also at pfsense 2.4.5 but I'm not sure when those 503 errors started showing up but I also highly suspect it's after the 2.4.5 upgrade.

@Smoothrunnings I still don't understand the problem. Haproxy needs a IP to listen on.. Do you still have the old SmoothWall box? Can you check what the contents of haproxy.cfg was there? And besides that, if it warns i'm pretty sure there is actually something configured wrongly.. Perhaps can you share the current haproxy.cfg file? (its okay to partially obfuscate public ip's and domainnames you have in there as long as its done consistently..)

Please update to 0.4.44_21

@custardduck22 Common 'issue' like this is also the port :80 redirect that pfSense has, if for some reason a 'http' request is done instead of 'https' the pfSense webgui-redirect could get cached by a browser.. (that redirect it can be disabled in 'system/advanced settings') Anyhow good you've already got it fixed.

@guez I also specify that I use the transparent mode. If the solution is to configure a proxy by DHCP, that does not concern me and thank you to indicate it to me

Upgraded to pfSense 2.4.5 and this broke. I figured out the problem and it is very simple. Delete old stuff: pkg remove p5-XML-NamespaceSupport-1.12 pkg remove p5-XML-SAX-Base-1.09 pkg remove p5-XML-SAX-1.00 pkg remove p5-XML-LibXML-2.0132,1 Install the new packages: pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-Base-1.09.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-1.02.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz For 2.5.0: pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-Base-1.09.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-1.02.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz But the most important thing!!! Open this file in a text editor: /usr/local/libexec/squid/https-everywhere/squid.pl Change to first line from: #!/usr/local/bin/perl5 To: #!/usr/local/bin/perl And another thing that isn't necessary but I found helpful with heavy use is increasing the helpers: Go to Services > Squid Proxy Server Show advanced options at the bottom And update in Custom Options (Before Auth): url_rewrite_children 16

Gotcha, thank you.

@Gertjan Yeah, never mind. I'm taking it up with one of the CMS developers. Actually, I've used the CMS in question for almost a decade now. The problems began when I first used it behind HaProxy after they implemented the SSL-check.. Anyway, thanx for your input.

@iPenguin I was able to get HAProxy & ACME working with this guide https://youtu.be/FWodNSZXcXs

Check also https://forum.netgate.com/topic/151523/reverse-squid-no-longer-working-on-latest-development-branch