• Setting reversed proxy

    0 Votes
    39 Posts
    7k Views

    @jimp could you point me in the right direction on how to set up HAProxy on pfSense so it handles the certs (not just getting them)?

  • Content filter

    0 Votes
    1 Posts
    300 Views
    No one has replied
  • HAProxy Down with HTTP site [ 503 Service Unavailable ]

    0 Votes
    9 Posts
    4k Views

    @piba

    How do I get information about this image?

  • PFsense transparent proxy speed issues

    Moved
    0 Votes
    9 Posts
    992 Views

    Is Squid the only package on the pfSense box?

    Also I would check if the firewall rule that Squid adds in transparent mode is conflicting
    with other firewall rules.

    With that amount of users there is quite a lot of tuning that can be done.

  • Blocking Sites for some IP's but not others SQUID guard

    0 Votes
    4 Posts
    515 Views
    KOM

    Common is literally applied for everyone. Group policies are only for those clients inside the group. The order is important. Did you confirm that your clients are even using the proxy?

  • Solved: How to cache musics from music site

    Locked
    0 Votes
    1 Posts
    529 Views
    No one has replied
  • HAproxy backend whitelisting

    0 Votes
    9 Posts
    6k Views

    That was it, thank you for your help!

  • Squid + SquidGuard URL Filtering Question

    0 Votes
    2 Posts
    636 Views

    Problem solved.
    Set SSL/MITM Mode to Splice All.

  • (SOLVED) Squid HTTPS/SSL Interception blocks Warframe login.

    0 Votes
    4 Posts
    1k Views

    Ok after some reading, it seems I don't need to filter https. All I really need to do is block certain https domains from my kids on my home network while allowing all other traffic, prevent kids from circumventing proxy, monitor traffic stats per IP, and no issues with online games like logging into Warframe.

    To block https domains, I found some info on setting the ssl intercept to "splice all" and putting ".*" in the acl whitelist, then use squidguard to block https. However, I'm not exactly sure how to set this up with squidguard or if it will fix my Warframe login issue.

    I'm trying to learn this so I don't really want to use something like OpenDNS if I can help it. I'm running pfSense in a VM with working backup so I'll try any suggestions because I can easily restore my pfSense firewall.

    Thanks.

  • squid/clamav

    Moved
    0 Votes
    1 Posts
    443 Views
    No one has replied
  • HAProxy: Serving simple http page and OpenVpn instance

    0 Votes
    1 Posts
    350 Views
    No one has replied
  • Blocking Facebook with E2Guardian

    0 Votes
    1 Posts
    431 Views
    No one has replied
  • multiple https with haproxy

    0 Votes
    27 Posts
    5k Views

    @mats So part of the problem was my rules but the final stick ended up being a bug in the upgrade to the most current release where my default gateway was no longer 'marked' default.... what a headache.

    I did finally manage to get Zimbra OSE running in a docker alongside a NextCloud docker to work for files as well. Only then did I fully realize that since I chose the Open Source edition, I cannot fully integrate it into my Android for calendars and such, which is a major letdown. I was so impressed with the webmail features that I overlooked the limitations of the free version.

    I may look into iRedMail. I didn't like the webmail portions but in the end I doubt I will really be using it compared to the ability to have fully integrated calendar & contacts.

  • Squid Proxy + Reverse proxy conflict

    0 Votes
    2 Posts
    481 Views

    Ended up canceling Squid for HAProxy.

  • HAproxy Action on 2.2.6?

    0 Votes
    5 Posts
    604 Views

    using the HAproxy Devel did the trick

  • Pfsense Squid block http traffic

    0 Votes
    7 Posts
    3k Views

    @landrocket
    The best way I have found to set up Squid on a home network is without transparent.
    It is pretty simple to set the proxy settings in the browser.

    It also has the added benefit that if you have a problem connecting you can reset your browser
    and just bypass the proxy until you figure out the problem (check the real-time logs).

    The way I set up mine is pretty much default. (Create Internal Cert. of Auth.)
    1) Enable Proxy
    2) Select Lan and Loopback
    3) Allow Users
    4) Resolve IPv4 first
    5) Disable ICMP Pinger helper
    6) Enable SSL filtering
    7) Splice Whitelist Bump otherwise
    8) Select Lan
    9) Proxy port-3129
    10) Compatibility mode-intermediate
    11) Cert. Adapt Not Before
    12) X-Forward (transparent)
    13) Disable Via Header
    14) URL Whitespace (Strip)
    15) X-Forward (transparent)

    After you reboot the firewall you can go to the ACLs tab and can enter in sites that you don't
    want to SSL bump. Here is what I use: Windows Updates, Live Mail, OneDrive, Steam etc.
    Some of them might not be relevant anymore. But Steam will take the proxy down quick if
    it isn't whitelisted.
    I am sure there is a way around that but I didn't want to put in the effort.


  • Captive Portal stops firewall rules

    Moved
    0 Votes
    9 Posts
    1k Views

    @derelict Thank you, I will try this, and hope that pfSense 2.4.4 will work without problems

  • After upgrading to HAProxy 0.59_2 nothing works anymore!!!!

    2 Votes
    34 Posts
    50k Views

    @nick2253
    Sorry but that was not what I'm saying.

    To make haproxy health-checks use SSL you should enable the "SSL checks" checkbox behind each server.


  • Problem with Squid

    0 Votes
    1 Posts
    416 Views
    No one has replied
  • Where is Varnish ?

    0 Votes
    4 Posts
    917 Views
    jimp

    Varnish was removed years ago. Very few people used it, and it required keeping a compiler on the firewall which is generally a bad idea.

    Also, don't use ezjail or jails in general on the firewall. Either virtualize things or separate them. Don't try to force the firewall to take on roles for which it isn't well-suited.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.