@custardduck22
Common 'issue' like this is also the port :80 redirect that pfSense has, if for some reason a 'http' request is done instead of 'https' the pfSense webgui-redirect could get cached by a browser.. (that redirect it can be disabled in 'system/advanced settings') Anyhow good you've already got it fixed.

@guez I also specify that I use the transparent mode. If the solution is to configure a proxy by DHCP, that does not concern me and thank you to indicate it to me

Upgraded to pfSense 2.4.5 and this broke. I figured out the problem and it is very simple.

Delete old stuff:

pkg remove p5-XML-NamespaceSupport-1.12 pkg remove p5-XML-SAX-Base-1.09 pkg remove p5-XML-SAX-1.00 pkg remove p5-XML-LibXML-2.0132,1

Install the new packages:

pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-Base-1.09.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-1.02.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz

For 2.5.0:

pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-Base-1.09.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-1.02.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz

But the most important thing!!!
Open this file in a text editor:

/usr/local/libexec/squid/https-everywhere/squid.pl

Change to first line from:

#!/usr/local/bin/perl5

To:

#!/usr/local/bin/perl

And another thing that isn't necessary but I found helpful with heavy use is increasing the helpers:

Go to Services > Squid Proxy Server
Show advanced options at the bottom

And update in Custom Options (Before Auth):

url_rewrite_children 16

Gotcha, thank you.

@Gertjan Yeah, never mind. I'm taking it up with one of the CMS developers.

Actually, I've used the CMS in question for almost a decade now.
The problems began when I first used it behind HaProxy after they implemented the SSL-check..

Anyway, thanx for your input.

@iPenguin I was able to get HAProxy & ACME working with this guide

https://youtu.be/FWodNSZXcXs

Check also https://forum.netgate.com/topic/151523/reverse-squid-no-longer-working-on-latest-development-branch

@PiBa
Awesome! Thank you again @PiBa and apologies again for the ignorance on my part. Your insight was extremely helpful and the proxy is now behaving as I had hoped.

Just a note in case anyone wonders, I tried disabling the transparent IP and that did not help with the interVLAN traffic. The problem only affected the ports defined in HAProxy (80,443) and did not resolve until I added the binded interface in the frontend. I did not expect to have to do that as I thought HAProxy would only listen on the defined ports but it happened to me.

@vinceepic
Yes TCP mode would work.. But do you have a reason for not using "ssl/https(TCP mode)" which would give the same frontend/backend configuration regarding the passing of the ssl traffic without any changes, but would allow to set some SNI based acl's in the webgui?

@xternaal
Add a acl X that checks 'host matches: service'
Then add a action that will perform a 'http-request redirect' for fmt: 'location https://service.contoso.com' when the acl X matches.

@PiBa Thank you very much, for all the support you provided.