Thanks KOM. Verified cache is working by going to https://www.google-analytics.com/analytics.js. Seeing TCP_MEM_HIT/200 when I go the javascript file hosted by Google.

thanks for the reply, i was checking the logs and your right something odd with the active directory but i ended up using the local authentication created all the users

@rggolbraich said in Squid/Clamav: Wrong redirect URL: I know its an old post but here is my solution to the same problem. Solution: when I installed pfSense with all packages I use, I gave it a domain name. After some while, i changed the domain name to my DC, somehow SquidClamAV keeps the old data so I get pointed to unavailable address. To fix this issue I edited 2 files: (Diagnostics - Edit File) /usr/local/etc/c-icap/squidclamav.conf /usr/local/etc/c-icap/squidclamav.conf.pfsense Why them both? because every time I edited the .conf file my settings get back to what it was. after changing them both pfSense kept the configuration and problem were fixed. Thanks for this. Two years later and still a bug.

Glad its working for you now.

We both learned a bit ;) Thanks for the questions, it got me playing with HA proxy and ACME.. I had not had a reason to use them until you brought up the question(s) After that I had no excuse not to use them and fired up a shared port for my openvpn that listens on 443 and then hands off to ha proxy so I can use https with my ombi plex request system via https ;) Win Win all around I would say!

If you still have a query related to proxies issues on guest router so in that case I'm recommending you to use VPN as With a VPN for Router, protect every device that connects to the internet. Get FastestVPN and open endless possibilities on all your devices.

Thanks @vallum i get back to with an update that it's working for us or not..Thanks again.

That is a proxy question - moved to the correct section. Are you wanting to have specific clients not use the proxy, or not use the proxy for specific dest IPs? Validation of what version your using both for squid and pfsense would be helpful - and are you using transparent mode or explicit for your clients to use the proxy. What are you doing with https, etc.

Glad you got it sorted out.

I got the same error with /var being in RAM not on disk

@mindaugezas Go with the option 'none'. And put a sticktable definition and matching rule in the advanced pass tru textbox. Almost any custom option that isn't in the webgui can be added in some textbox somewhere..

@guilherme_182 said in WARNING " All 5/5 check_cp processes are busy.": WARNING: Consider increasing the number of check_cp processes in your config file. WARNING: 5 pending requests queued WARNING: All 5/5 check_cp processes are busy. Not a "pfSense" process. So probably something from SQUID + Splice ALL + SSL + Squidguard The captive portal doesn't have a (software) proces. At most a couple of instances of the web interface that hosts the login page - several nginx processes. These processes are called "nginx'. As you can image, they do not much work, and they don't 'block' anything. "check_cp" is unknown to me (but I'm not using squid etc as it seems useless these days (to me)).

Make sure the clients and Squid are both using the same DNS servers that is biggest cause of issues with Squid. So usually that would be both using Unbound in pfSense. Check the Squid logs and system logs for errors. Also: https://www.netgate.com/docs/pfsense/cache-proxy/squid-troubleshooting.html Steve

You could : Ask for a wild card cert for *.example.com & example.com" and place the obtained certificate on the two servers 172.65.1.11 and 172.65.1.10. Or you can ask for two certs : a cert for the server test.example.com, to be put on server 172.65.1.10 and a cert for test2.example.com, to be put on 172.65.1.11. Btw : certs are totally not aware of IP's and stuff like that. If your server test2.example.com uses IP 192.168.1.10 as of now , the cert will still works just fine.