Archive for the 'pfsense' Category

pfSense Load Balancer Sticky States

As a follow-up to this post from two years ago (!!), How I use Apache behind pfSense, I think I may have solved a similar problem with HTTP authentication, trac, and the pfSense sticky states balancer.

I wrote up a little JavaScript keepalive (will publish soon), turned off KeepAlive in Apache, and it seems to work fine. Previously it would log me out randomly, because the load balancer had switched backends.

Hmmm, it's very strange because it just switched again. I wish I knew why it was not remaining a sticky connection. The blurb doc says as long as there is a connection, it stays sticky. Hence the keepalive, but it's apparently not working. :-(

Aha - I think I may have figured it out. I was connecting to other back-ends through the load balancer which had different keepalive settings. I wish the keepalive settings worked.

There are many facets to this situation: HTTP keepalive, TCP keepalive, pf states, proxies, and more I’m not thinking of at the moment. It's very interesting though.

pfSense Hackathon

The pfSense hackathon is over, and I’m skimming through the change logs. Looks like most of the changes were to the 2.0 branch, which I’ve only tried on a virtual machine, but it looked nice.

Clog is gone, replaced by fifolog, and is it true that the FTP proxy is gone? Nice, I never liked that. Instead I use NAT for a few hundred ports in the 65000 range, and that seems to work much better. I set the same range in proftpd.conf and it's good to go. Looks like they are using the Prototype JavaScript framework (I prefer jQuery).

In other news, the pfSense folks are adding some services to the pfSense offering, and so far it looks terrific. There is now (or soon to be) the ability to save your configuration to a secure service. Nice work people!

I should also note that the glxsb (Geode LX Security Block) kernel module continues to run well on my ALIX board. Excellent!

pfSense, ProFTPd, and the FTP Helper

I’m not a big fan of the FTP helper, but in some cases it works. One problem I have with it is that proftpd ends up only seeing connections from the gateway IP address, so it does not log the real source IP address.

To do away with the FTP helper and still support passive FTP transfers, I found this pfSense FTP Troubleshooting page helpful. In a nutshell, I did the following things:

  • Disabled the FTP userland helper for all interfaces.
  • Specified the masqueraded IP address and a limited passive port range in /etc/proftpd/proftpd.conf
  • Port-forwarded port 21 and that port range in pfSense to the proftpd server
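As an added example (not the configuration from this post), here is what the proftpd.conf side of that setup looks like, with the matching pfSense port forwards described in comments because they are entered in the GUI rather than in a file. The public address 203.0.113.10, the internal server 192.168.1.20 and the range 65000-65200 are placeholders:

```apache
# proftpd.conf excerpt (added example; addresses and range are placeholders)
Port 21

# Public address the server advertises in PASV replies. Without it, clients
# are told the private address and passive transfers fail once the FTP helper
# is disabled, because nothing rewrites the reply on the way out any more.
MasqueradeAddress 203.0.113.10

# Confine passive data connections to a range that can be forwarded as a block.
PassivePorts 65000 65200

# Matching pfSense NAT rules (Firewall > NAT > Port Forward), interface WAN, TCP:
#   destination port 21            -> 192.168.1.20 port 21
#   destination ports 65000-65200  -> 192.168.1.20 ports 65000-65200
# With the helper off, proftpd logs the real client address, which is what a
# tool like fail2ban needs in order to ban anything useful.
```

Keep the PassivePorts range and the forwarded range identical; a transfer that lands on a port outside the forward simply hangs after the PASV reply, which is the usual symptom when the two drift apart.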

It works! I’m planning to install fail2ban now that I have IP addresses I can ban! :-)

pfSense is so AWESOME!

This is not a new discovery to me, I’ve known that pfSense is an amazing resource. I’m posting this to make sure that other people know this as well.

I’ve been using pfSense for about 3 years now, and I use it every day. It is part of my company’s infrastructure, as firewalls, IPSec VPN gateways, a DHCP server, and a NAT tool.

If you have considered using pfSense but haven’t gotten around to it yet, take my positive experience into consideration. You might like it as much as I do!

pfSense on the Docunext Wiki
pfSense Category at this Docunext Blog
http://pfsense.com/