You need enable MIT feature. This link could be help you.
https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense

Hand up if it was useful.

Gabriel

Hi, PiBa!

Or perhaps you want to configure a 'port' option on the server to make it check on a different port than the regular traffic >>go's to? Could add that on the server-pass-thru option.

This is exactly what I need! Thanks, it works for me with the server-pass-thru option :)

Dear PiBa,

Again, thank you very much! The complaint did not exist in previous versions. Your way does work. Placing the statement in the "Advanced pass thru" box does work also. I would not have understood this without your explanation!

Regards,

Michael

@piba

Thanks a lot for all your help.

I got Siri to work by adding the following to my wpad files:

if (shExpMatch(url, "guzzoni.apple.com")) ||
shExpMatch(url, ".guzzoni-apple.com.akadns.net"))
return "DIRECT";

Basically, it's bypassing the proxy but that's all I could find.

This is where I found it:
https://apple.stackexchange.com/questions/253843/siri-on-macos-behind-a-corporate-proxy#253947

and

https://blog.mansshardt.net/siri-ios-macos-hinter-squid-proxy-zum-laufen-bringen/

You will need to use google translate unless you know how to read German.

@piba

You were correct, I had to change the SSL checkbox for the wanhttps

Now everything is working and I am back to the SSL Labs A+ rating (if that is worth anything)

@ageekhere
In this case, do I keep the Proxy settings transparent with Splice All enabled?

[Solved] I found the log rotate check button for SquidGuard in the GUI. Thanks

I think I have cracked this. What you do is to upgrade in the package manager:
To:

haproxy net 0.59_4 The Reliable, High Performance TCP/HTTP(S) Load Balancer.
This package implements the TCP, HTTP and HTTPS balancing features from haproxy.
Supports ACLs for smart backend switching.

That seems to pull the HAProxy 1.7.11 as an dependency at least it now claims to be running 1.7.11 and the first tests looks reassuring.

I solved the problem myself.

All my configuration was correct, there is a bug with the squid addon: you can not start the squid service from the web interface, when you click on "start the service" in the image below nothing happens, the service doesn't start and you don't have any error message:
0_1533074663644_squid screenshot.png

I had to connect to the pfsense terminal and run a "ps aux |grep squid" to see that th service was not running (i didn't have any error message in /var/log/squid).

A simple "squid start" solves the problem, does someont knows where can i report this bug ?

@maverick_slo
using 2.4.4'beta' with php7 i guess? PR with version 0.59_6 that should fix that one is pending..

Same here, re-appearing in 2.4.3-RELEASE-p1 on a Netgate SG-3100. Looks to me too high i/o(???)

PFSense installed on 'thrid party' pc hardware works normally. Restarting ClamAV works for some hours and then protocol errors appear again. Updating ClamAV once a day lowered to once a week -> no difference Bypassing will prevent this ICAP protocol error but is not really a solution.

Thanks,
Imp

@gertjan said in SSL Man In the Middle Filtering blocking any app:

The MITM "problem" will probably never get solved.

Thank you very much