• PfSense, HAProxy and Fail2ban

    10
    0 Votes
    10 Posts
    13k Views
    JeGrJ
    You don't necessarily have to use SSH and the easyrule block. It's just one possibility. You could always take fail2ban, add a custom action and use it to push the IPs that try to hit your webservers to a central instance/vm/whatever and collect it there. Then use pfBlockerNG to fetch this list of IPs and block it from WAN. Only "problem" is, that pfBNG isn't faster than "hourly", a thing that I tried to bring to the developers attention so that you had the possibility to go down to let's say 5-10min to blacklist an IP. But besides that, that's totally possible (we're running something along those lines ourselves).
  • cron complaining about haproxy

    Moved
    8
    0 Votes
    8 Posts
    957 Views
    jimpJ
    https://redmine.pfsense.org/issues/9922 https://github.com/pfsense/FreeBSD-ports/commit/47f4f91aa8159e47f24990eb2496784cb9ef07c6 https://github.com/pfsense/FreeBSD-ports/commit/e8bec3bf1a773bdc61ebb7555941a2b9e26db732
  • How can i filter results from Squid Access Table tab Real Time

    1
    0 Votes
    1 Posts
    194 Views
    No one has replied
  • haproxy weired error

    Moved
    7
    0 Votes
    7 Posts
    2k Views
    J
    @PiBa Thank you for your response. I was asking because I am experiencing a similar issue using PostgreSQL 11 on the back end. Every time we close the session, HAProxy logs an error with a termination state of SD. I'm just curious if it's a configuration issue with either HAProxy or PostgreSQL. If it's a harmless error, then is there any way to suppress the error in the log?
  • (SOLVED) pfSense + SQUID + SquidGuard (SquidGuard not bloking all)

    Moved
    8
    0 Votes
    8 Posts
    2k Views
    stephenw10S
    Presumably by blocking ports 80 and 443 directly since they were not using a transparent proxy.
  • Domain blocking through squid

    Moved
    6
    0 Votes
    6 Posts
    663 Views
    stephenw10S
    Could be 409 errors, check the Squid real-tome logs: https://docs.netgate.com/pfsense/en/latest/cache-proxy/squid-troubleshooting.html#sites-not-loading-with-splice-error-409-in-access-log Steve
  • 0 Votes
    6 Posts
    2k Views
    B
    @cdavis said in Upgraded from 2.3.1 to 2.3.4-release squidguard using 100% cpu with no oher chgs: ie Hi same issue here..
  • Squid PHP error after upgrade to pfsense 2.5

    7
    0 Votes
    7 Posts
    1k Views
    S
    Had a similar issue after upgrading, this command removed the error during squid service restart: /usr/local/libexec/squid/security_file_certgen -c -s /var/squid/lib/ssl_db -M 4MB chown -R squid /var/squid/lib/ssl_db/ chgrp -R proxy /var/squid/lib/ssl_db/ References: http://squid-web-proxy-cache.1019090.n4.nabble.com/Uninitialized-SSL-certificate-database-directory-td4686306.html https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
  • Squid Redirector

    8
    0 Votes
    8 Posts
    679 Views
    KOMK
    Report the bug on redmine.
  • ClamAV spikes cpu usage after changing Squid setting.

    6
    0 Votes
    6 Posts
    1k Views
    BismarckB
    @do1984 Glad that I could help you! I was in the same boot, scheduled feshclam updates and acl changes for Squid in the night hours, so users wouldn't disturbed to much, but now no problem need a change just do it.
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    5 Views
    No one has replied
  • 0 Votes
    2 Posts
    218 Views
    JeGrJ
    SSL Filtering? With what? You posted in "firewall" but after reading I'm pretty sure that topic has nothing to do with firewalling per se (e.g. packet filtering), but with you running squid/squidguard kind of filtering or pfBlocker. So if you want us to help, you should provide more feedback as to what you did to "enable SSL filtering" and where you whitelisted that.
  • Internet connection drops randomly - Gmail, Webspotify

    6
    0 Votes
    6 Posts
    773 Views
    A
    @periko thanks very much for your input! I have increased the parameters to url_rewrite_children 50 startup=16 idle=8 concurrency=0 to and will monitor how squid and the internet browsing behaves. If necessary I'll increase a bit more. If even after that the problem persists, i'll keep looking into it. Regards! Andre.
  • Problems with SquidGuard

    1
    0 Votes
    1 Posts
    334 Views
    No one has replied
  • Slow browsing, transparent proxy

    1
    0 Votes
    1 Posts
    243 Views
    No one has replied
  • Squid /ClamAV problem

    2
    0 Votes
    2 Posts
    471 Views
    BismarckB
    @Michael_L Is the proxy/clamd service running, did you updated ClamAV via freshclam before the first run? And you need to setup Squid/SSLBump properly, in order to make ClamAV effective.
  • LightSquid stats with time

    1
    0 Votes
    1 Posts
    202 Views
    No one has replied
  • Google G-Suite App Issues

    Moved
    21
    0 Votes
    21 Posts
    2k Views
    P
    @stephenw10 Perfect thank you very much I will pursue that option! I am only trying to block Social Media and other inappropriate sites. Thanks again for all of your help it is greatly appreciated! Patrick
  • Squid reverse proxy don`t update exchange options like OWA etc

    2
    0 Votes
    2 Posts
    410 Views
    E
    Hello :) can some help me with this?
  • WebSocket issue with pfsense squid guard

    8
    1 Votes
    8 Posts
    4k Views
    M
    This is not a solution i can filter out using dns but it miss usability as i can not put acl and user exception time based filter the issue is not with the facebook itself it is an example https website as other websites will be blocked based on department and time
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.