Squid 6.5 !! Nov 6th
-
i'm not concerned about web caching.. really, with internet speeds the way they are, unless you're running dial-up, not having it is not a deal-breaker..
regarding haproxy not being able to do cert ssl inspection; again, that might not necessarily be a deal breaker. if i'm wrong correct me, but from what i've read/researched/etc.. it can decrypt and re-encrypt ssl/tls certs.. so, in a transparent proxy scenario, when https traffic comes in from the wan, it would be decrypted, FULLY inspected by suricata/snort and then it could either be re-encrypted and sent onward to the clients on the lan side, or sent through another device that's inline for antivirust scanning, either clamav, or anything else at that point.. a lot of commercial AV packages are available for linux, so you could run a simple linux machine.. yes, it adds complexity, but it also adds flexibility by not being limited to a pfsense package that may or may not be available down the road.
It's great that people are devoted to keeping the package going, but what happens when they grow tired of it? keeping those packages going takes a TON of time and effort. What will happen when BBCan decides he can no longer be the sole developer of pfblockerng for example? from what i've read there are only a few people working on keeping squid afloat. unless they get a cash infusion with more devs to reinvigorate the project, it seems like it's days might be numbered..
i HOPE i'm wrong. -
https://forum.netgate.com/topic/186331/new-squid-6-7-and-clamav-1-3-0