Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Allow .exe through squid proxy

    Scheduled Pinned Locked Moved pfSense Packages
    14 Posts 3 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrsquash2
      last edited by

      Hello everyone!

      I have an exe that initializes an activex application. In order to work properly the exe needs to be able to access the internet without being blocked by the proxy. However, within squid I don't see anywhere that I would go to allow this functionality.

      Does anyone have any tips on how to accomplish this?

      Thanks

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        if it's on a single machine, just allow it's ip.

        Are you using transparent proxy?

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • M
          mrsquash2
          last edited by

          Yes, I am using transparent proxy.

          The .exe file is on about 60 machines so I would like to let the .exe pass through the proxy for all systems on my domain.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            if your change your .exe file to fetch it via https, it will not be filtered by squid.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • M
              mrsquash2
              last edited by

              Unfortunately, the .exe is part of a distributed package from a 3rd party vendor. Therefore I cannot alter their software.

              1 Reply Last reply Reply Quote 0
              • N
                Nachtfalke
                last edited by

                you can bypass the proxy for a destination IP.
                So if your exe is connecting to always the same IP (range) then add this to the bypass list on squid GUI.

                1 Reply Last reply Reply Quote 0
                • M
                  mrsquash2
                  last edited by

                  Isn't the bypass list something that allows an internal client to bypass the proxy all together?

                  The only thing I have found so far to test is:

                  edit the squid.inc file

                  $rules .= "\n# Setup Squid proxy redirect\n";
                  if ($squid_conf['private_subnet_proxy_off'] == 'on') {
                  foreach ($ifaces as $iface) {
                  $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n";

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    this rule says to do not forward traffic to squid for these ips

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • N
                      Nachtfalke
                      last edited by

                      @mrsquash2:

                      Isn't the bypass list something that allows an internal client to bypass the proxy all together?
                      (…)

                      It depends on what you allow to bypass. You can bypass the proxy by SOURCE IP or you can bypass the proxy by DESTINATION IP.

                      If you allow by SOURCE IP you are right, the host will bypass the proxy at all.
                      That's why I said you should use DESTINATION IP. Then the proxy will only be bypassed for this dest. IP but all other IPs must pass the proxy.

                      1 Reply Last reply Reply Quote 0
                      • M
                        mrsquash2
                        last edited by

                        When I go to Services > Proxy Server I have the option "Bypass proxy for these source IPs" with a description of "Do not forward traffic from these source IPs through the proxy server but directly through the firewall. Separate by semi-colons (;)."

                        Are you saying that I can put DESTINATION IPs in here as well?

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          @mrsquash2:

                          Are you saying that I can put DESTINATION IPs in here as well?

                          Isn't the next field ..Bypass proxy for these destination IPs ?
                          Do not proxy traffic going to these destination IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • M
                            mrsquash2
                            last edited by

                            I don't have that option.

                            I'm using:

                            Squid v2.7.8_1
                            SquidGuard v1.3-2
                            Lightsquid v1.7.1 pkg v.1.2

                            Do I need to upgrade to a newer version?

                            1 Reply Last reply Reply Quote 0
                            • marcellocM
                              marcelloc
                              last edited by

                              @mrsquash2:

                              Do I need to upgrade to a newer version?

                              It's on both squid versions (2.7.9 pkg v.4.3.1 and 3.1.20 pkg 2.0.5_5) on first package gui tab for a long time.

                              Treinamentos de Elite: http://sys-squad.com

                              Help a community developer! ;D

                              1 Reply Last reply Reply Quote 0
                              • M
                                mrsquash2
                                last edited by

                                Upgraded to 2.7.9 pkg v.4.3.1 and added the IP DESTINATION bypass.

                                All seems to be working now.

                                Thanks!

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.