Yep, that was it, needed to do the action. Thanks for the help!

frontend rancher bind 10.168.12.20:443 name 10.168.12.20:443 ssl crt /var/etc/haproxy/rancher.pem mode http log global option http-keep-alive option forwardfor acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https timeout client 30000 acl aclcrt_longhorn hdr_reg(host) -i ^longhorn\.home\.swth(:([0-9]){1,5})?$ acl aclcrt_rancher hdr_reg(host) -i ^rancher\.home\.swth(:([0-9]){1,5})?$ use_backend rancher_http_ipvANY if aclcrt_longhorn or aclcrt_rancher aclcrt_rancher

@lemonparty1 said in Squid needs a cache hit rate graph somewhere. Anywhere:

@manojsemwal wow that is quite pretty! 😍
What visualization tool are you using?

Hi We are using Graylog + elasticseach.
we collect data from dozens of squid proxy servers + firewalls + wap + switches + windows servers + Linux servers.

@gertjan Thank you for your reply.. i will study further to get the ans ...

You have to use MITM for it to work or you can use this method, which also works perfectly fine.

https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

Mostly because nobody is actively developing on that package. We've nudged it here and there (like the cache option) but it's been mostly unchanged for years.

If someone wants to take that on, code it up and submit a PR.

After reading related articles and trying to uninstall..reinstall the package. There was still no joy in getting the package to run. The problems started on 06/01/18 after an update. I tried to delete the /usr/local/etc/squid dir and that didn't work either.

What did work, was to recover the system to a date before the update. The packages were reloaded and ta-da the squid cache came back to life. Should of tried the easy button first.

Looking back on what I read, there was mention of the CA certificate having a problem and needed to be rebuilt. According to my effective dates it was good for several more years. So, I have no clue as to what went south.

Really gives reason to backup often and certainly before any upgrade.

You will not get anything to work properly when running a version that outdated.

Remove all packages. Backup config.xml. Reinstall with 2.4.3. Restore configuration. Reinstall packages.

If your hardware is i386 and won't take 2.4.3, at least install 2.3.5.

Yes @jimp, we're using HAProxy to run websites and offloading SSLs over there. We use "redirect scheme https code 301 if !{ ssl_fc }" code in Advanced pass thru option in frontend to redirect the requests from port 80 to port 443.

The site was running in Windows Server 2012 R2 IIS before, so recently we migrated those sites to pfsense for advanced security. And after that all sites went down and found this issue in logs. Our SSLs are bought from COMODO.

Please tell me if you want more information regarding this.

Thanks for your response PiBa.

I've made some good progress on this and think I have a working solution. I've found a working ACL combination:
0_1528222388862_workingACLs.jpg
That is, when all backends are down, I get a match on the kdemo_dead ACL that says "!minCountUsableServers ge 1" and haproxy uses the tpc-request connection reject as desired.

Interestingly, at first when I initially had SSL offload enabled for the frontend, I had a lot of errors when the package attempted to create the haproxy.cfg, and when I finally got past that I no longer got the desired behavior: despite the ACLs, haproxy still initiated a TCP connection and returned a 503. I really don't know what's changed,: perhaps it was because I had some of the boxes checked that created additional ACLs?

It seems the haproxy package is dynamically generating a haproxy.cfg when I apply UI changes and sometimes the content and sequence of entries causes unintended consequences.

At any rate, seems to be working now, so I'm happy:)

I think the NONE_ABORTED is because it can't retrieve the images from the cache.

Can you set the hard disk cache size back to what it was previously?