Netgate Discussion Forum
    • JonathanLeeJ

      UNOFFICIAL GUIDE: Squid external Raspberry PI WPAD lighttpd server Guide with Raspberry Zero LCD HAT code.

      Cache/Proxy wpad proxy squid squid-proxy
      18
      0 Votes
      18 Posts
      2k Views
      JonathanLeeJ

      This is a better WPAD file

      server.modules = (
          "mod_access",
          "mod_staticfile",
          "mod_expire",
          "mod_setenv"
      )

      server.document-root = "/var/www/html"
      server.errorlog = "/var/log/lighttpd/error.log"
      server.pid-file = "/run/lighttpd.pid"
      server.username = "www-data"
      server.groupname = "www-data"
      server.port = 80
      server.bind = "192.168.1.6"
      server.tag = ""
      server.range-requests = "disable"
      server.max-connections = 10
      connect-timeout = 2
      server.max-keep-alive-idle = 2
      server.max-keep-alive-requests = 1
      server.max-read-idle = 2
      server.max-write-idle = 2
      dir-listing = "disable"

      $HTTP["request-method"] =~ "^(TRACE|TRACK)$" {
          url.access-deny = ( "" )
      }

      # Cache WPAD and proxy PAC files for 1 day (good practice)
      expire.url = (
          "/wpad.dat" => "access plus 1 day",
          "/proxy.pac" => "access plus 1 day"
      )

      # Disable access logs to reduce SD card wear (optional)
      accesslog = ""

      $HTTP["url"] =~ "^/(wpad\.dat|proxy\.pac)$" {
          setenv.add-response-header = (
              "X-Content-Type-Options" => "nosniff",
              "X-Frame-Options" => "DENY",
              "Content-Security-Policy" => "default-src 'none';",
              "Cache-Control" => "public, max-age=86400",
              "Referrer-Policy" => "no-referrer",
              "X-Download-Options" => "noopen",
              "X-Permitted-Cross-Domain-Policies" => "none"
          )

          # Allow only GET and HEAD methods
          $HTTP["request-method"] !~ "^(GET|HEAD)$" {
              url.access-deny = ( "" )
          }

          # Restrict access by IP subnets
          $HTTP["remoteip"] == "192.168.1.0/27" {
          }
          else $HTTP["remoteip"] == "2001:470:8052:a::/64" {
          }
          else {
              url.access-deny = ( "" )
          }
      }

      # Deny all other URL requests
      $HTTP["url"] !~ "^/(wpad\.dat|proxy\.pac)$" {
          url.access-deny = ( "" )
      }

      # Strict URL parsing for security and consistency
      server.http-parseopts = (
          "header-strict" => "enable",
          "host-strict" => "enable",
          "host-normalize" => "enable",
          "url-normalize-unreserved"=> "enable",
          "url-normalize-required" => "enable",
          "url-ctrls-reject" => "enable",
          "url-path-2f-decode" => "disable",
          "url-path-2f-reject" => "enable",
          "url-path-dotseg-remove" => "disable",
          "url-path-dotseg-reject" => "enable",
      )

      url.access-deny = ( "~", ".inc" )
      static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

      # Add WPAD MIME type for correct browser handling
      mimetype.assign = (
          ".dat" => "application/x-ns-proxy-autoconfig",
          ".pac" => "application/x-ns-proxy-autoconfig"
      )
    • JonathanLeeJ

      New Apple products on enterprise networks domain list

      Cache/Proxy database squid proxy splice enterprise
      10
      0 Votes
      10 Posts
      2k Views
      johnpozJ

      @JonathanLee tls 1.3 has been used for quite some time.. Any time I bother to look at the connection to pretty much anything it's tls 1.3.. This connection to the forums is using tls 1.3

      esni is dead but long live ech, that could be problematic I would bet..

      But again I don't do any sort of mitm, it's not good practice - I want my ssl/tls to be end to end.. As the internet gods intended it to be ;)

      I have no need or desire to run a proxy.. If I want to block something I would filter on IP or DNS.. Yes I block the bane of filtering doh and dot.

      I run a reverse proxy, but not as a filtering method or as a way to do mitm.. But as a way to offload the ssl connection because the actual services have no ssl support at all, or are a pain to set up. These connections are tls 1.3.. And I don't even allow 1.2, if you're not using 1.3 then you're not accessing it. And use strict sni - so if you don't send the valid sni you're not being proxied in either. This keeps rando port scanners from being able to actually get to the site's interface.

      And I block most of the known scanners from talking to any of my forwards anyway, and only allow access into my forwards if you're coming from US IP, etc.

    • L

      New Squid 6.7 and Clamav 1.3.0

      Cache/Proxy squid upgrade proxy
      11
      8 Votes
      11 Posts
      2k Views
      T

      @lg1980 said in New Squid 6.7 and Clamav 1.3.0:

      https://git.labexposed.com/lgcosta/gists/src/branch/main/squid-6x

      Hi

      I hope you are doing well.

      I have reinstalled pfsense OS, I need to reconfigure squid Proxy. I am unable to download the package from the above github link. Can you share the new repo link?

    • JonathanLeeJ

      DHCP Option 252, Option 42 Questions

      DHCP and DNS dhcp ntp wpad proxy
      5
      0 Votes
      5 Posts
      1k Views
      P

      @JonathanLee sorry if I wasn't clear. No, one URL should be enough

    • T

      pfsense : forward all LAN traffic to a proxy

      General pfSense Questions android proxy pfsense setup network forwarding
      8
      0 Votes
      8 Posts
      4k Views
      M

      @viragomann

      I wish to do this using a proxy service that I have subscribed to; however, they provide a hostname and port, so I don't think I can use the GW method here.

    • A

      pfSense behind Traefik

      Firewalling rules proxy
      2
      0 Votes
      2 Posts
      1k Views
      ipeetablesI

      @atxcoder you need a Web Application Firewall (WAF) to do that, pfsense FW rules block at the ip layer. x-real-ip is application layer. The traffic is allowed because it came from 10.0.10.4.

    • M

      Route Wireguard traffic through Squid Proxy

      Traffic Monitoring wireguard vpn squid proxy
      2
      0 Votes
      2 Posts
      2k Views
      M

      @ma0f97 Has no one an idea?

    • W

      Help please

      Cache/Proxy proxy blacklist squidguard
      1
      1 Votes
      1 Posts
      589 Views
      No one has replied
    • R

      WAN optimization/acceleration

      General pfSense Questions ipsec ipsec vti qos slow throughput proxy
      16
      0 Votes
      16 Posts
      3k Views
      N

      @rtw915 said in WAN optimization/acceleration:

      Now the SQL team needs me to find a way to improve SQL linked server transfer rates to synchronize transactions.

      This will bring you back to the initial wan accelerator solution.
      The only other possible solution is to redesign the db subsystem, utilizing some way of sql replication, taking into consideration propagation delays.

    • B

      Different proxy for different interfaces

      General pfSense Questions proxy interfaces
      6
      0 Votes
      6 Posts
      1k Views
      stephenw10S

      So you just need to redirect traffic to them in pfSense? You can just use port forwards for that. That's what Squid does if you set it to transparent mode.

      Steve

    • H

      Wan -> pfsense -> Wan possible?

      Routing and Multi WAN wan squid proxy virtualbox
      1
      0 Votes
      1 Posts
      568 Views
      No one has replied
    • L

      Unable to retrieve package information.

      Español paquetes pfsense squid actualizaciones proxy
      3
      0 Votes
      3 Posts
      1k Views
      L

      @lucasll I had put the Kerio IP and port in Advanced - Miscellaneous in pfSense, but I have already found the solution. My upstream DNS was not resolving addresses outside the VPN. I used an alternative repository that the DNS was able to resolve.

    • N

      applications without internet access

      General pfSense Questions squid proxy pfsense
      5
      0 Votes
      5 Posts
      1k Views
      KOMK

      @norcarde A transparent proxy would solve your application problems, but they are a hassle to set up and can introduce their own problems.

    • N

      Applications without internet access

      Español squid proxy pfsense
      3
      0 Votes
      3 Posts
      909 Views
      N

      @santi good day. I already checked the log, where I got the IP it is connecting to. I added it to the whitelist, along with the port. But it still doesn't work.

    • S

      HAProxy not routing multiple internal hosts to one public IP

      Cache/Proxy haproxy reverse proxy proxy routing
      8
      0 Votes
      8 Posts
      2k Views
      S

      @PiBa Good news, I got it to work! I did as you suggested and got a self signed certificate on the server using this guide. After that HAProxy is able to route traffic to the host. It even works with the Let's Encrypt wildcard cert I have through the ACME package, so there's no cert errors getting to the site. Thank you for the help again.

    • T

      how to make pfsense work as multiple proxy server

      Cache/Proxy proxy route non-transparent
      1
      0 Votes
      1 Posts
      610 Views
      No one has replied
    • D

      How to configure pfsense on a network that already has a proxy?

      Portuguese proxy squid
      1
      0 Votes
      1 Posts
      479 Views
      No one has replied
    • P

      install traefik on pfsense

      Cache/Proxy proxy haproxy traefik
      1
      0 Votes
      1 Posts
      2k Views
      No one has replied
    • V

      Setting reversed proxy

      Cache/Proxy proxy haproxy
      39
      0 Votes
      39 Posts
      7k Views
      V

      @jimp could you point me in the right direction on how to set up HAProxy on pfSense so it handles the certs (not just getting them)?

    • J

      Allowing OneDrive through Firewall PFSense 2.4.3_1 (Authenticated Proxy)

      Portuguese firewall proxy authentication
      6
      0 Votes
      6 Posts
      2k Views
      L

      @juanmaximoti How did you manage to allow it?