Squid3: How to set HTTPS bypass ONLY for certain clients, but leave HTTP proxied
-
Hi all,
Any way to set HTTPS bypass ONLY for certain clients, but leave HTTP proxied in transparent mode? I am currently running DansGuardian on 2.1.5, and since it is capturing all HTTP traffic and then forwarding to Squid, I am effectively only bypassing HTTPS from the Squid config. I will jettison DG out the airlock once I upgrade to 2.2, so how can I keep all HTTP traffic proxied, while only bypassing HTTPS filtering for a handful of clients?
Thanks!
-
As you're forwarding it via firewall nat/rules, just create a no nat rule before with your client ips.
-
As you're forwarding it via firewall nat/rules, just create a no nat rule before with your client ips.
Thank you, Marcello!
So, if I understand correctly, I create a rule that instead of forwarding the client's IP outgoing traffic from port 80 to port 8080 on the LAN interface (like I have with DansGuardian), I create a rule to forward port 80 outgoing traffic on the LAN interface to port 3128? so even if the proxy is set to bypass traffic from that IP in transparent mode, it will still force HTTp to be proxied, and HTTPS to be bypassed?