@guez I also specify that I use the transparent mode. If the solution is to configure a proxy by DHCP, that does not concern me and thank you to indicate it to me

Upgraded to pfSense 2.4.5 and this broke. I figured out the problem and it is very simple. Delete old stuff: pkg remove p5-XML-NamespaceSupport-1.12 pkg remove p5-XML-SAX-Base-1.09 pkg remove p5-XML-SAX-1.00 pkg remove p5-XML-LibXML-2.0132,1 Install the new packages: pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-Base-1.09.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-1.02.txz pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz For 2.5.0: pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-Base-1.09.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-1.02.txz pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz But the most important thing!!! Open this file in a text editor: /usr/local/libexec/squid/https-everywhere/squid.pl Change to first line from: #!/usr/local/bin/perl5 To: #!/usr/local/bin/perl And another thing that isn't necessary but I found helpful with heavy use is increasing the helpers: Go to Services > Squid Proxy Server Show advanced options at the bottom And update in Custom Options (Before Auth): url_rewrite_children 16

Gotcha, thank you.

@Gertjan Yeah, never mind. I'm taking it up with one of the CMS developers. Actually, I've used the CMS in question for almost a decade now. The problems began when I first used it behind HaProxy after they implemented the SSL-check.. Anyway, thanx for your input.

@iPenguin I was able to get HAProxy & ACME working with this guide https://youtu.be/FWodNSZXcXs

Check also https://forum.netgate.com/topic/151523/reverse-squid-no-longer-working-on-latest-development-branch

@PiBa Awesome! Thank you again @PiBa and apologies again for the ignorance on my part. Your insight was extremely helpful and the proxy is now behaving as I had hoped. Just a note in case anyone wonders, I tried disabling the transparent IP and that did not help with the interVLAN traffic. The problem only affected the ports defined in HAProxy (80,443) and did not resolve until I added the binded interface in the frontend. I did not expect to have to do that as I thought HAProxy would only listen on the defined ports but it happened to me.

@vinceepic Yes TCP mode would work.. But do you have a reason for not using "ssl/https(TCP mode)" which would give the same frontend/backend configuration regarding the passing of the ssl traffic without any changes, but would allow to set some SNI based acl's in the webgui?

@xternaal Add a acl X that checks 'host matches: service' Then add a action that will perform a 'http-request redirect' for fmt: 'location https://service.contoso.com' when the acl X matches.

@PiBa Thank you very much, for all the support you provided.

does a fix for this issue exist? Stop using FTP?