Netgate Discussion Forum

    Bypass Transparent HTTPS Proxy

      lockye

      I have a few Roku boxes on my LAN that don't like the HTTPS man-in-the-middle part of the transparent proxy. Is there a way I could set up an alias for those devices and then tell them to bypass the proxy, but only for the HTTPS part? I still want the HTTP to go through the proxy.

      Thanks in advance.

        chris4916

        If you do not configure MITM when configuring transparent proxy, then HTTP flow will go through the proxy while HTTPS will not.
        Does it fit your expectation?

        Jah Olela Wembo: Words turn into harm when they upset, attack or wound.

          lockye

          No, I want MITM to work for everything else; I just don't want it to intercept the Roku boxes. I have to use transparent proxy, otherwise the Roku boxes cannot go through the proxy, as there is no proxy settings menu on them.

            chris4916

            Thus you will have to manually update the prerouting rules, but then I wonder how this would be kept in case you perform any other modification through the GUI?

              lockye

              And that is where I hit a brick wall.

              I have tried various configurations but I have not had any luck getting it to work.

                lockye

                Anyone?

                  KOM

                  I don't think you can carve it up like that.  Ditch the transparent proxy for explicit and your life will be much easier in this regard.

                    doktornotor

                    It's dead simple: stop setting up transparent proxy on interfaces where you do NOT want transparent proxy. IOW - stick those boxes on another separate interface.

                      lockye

                      The reason I use the transparent proxy is because I have content filtering set up; it blocks all the annoying commercials, even on the Roku.

                        agixdota

                        Same problem, but I can't solve this problem. ;D

                          Netizen1

                          @doktornotor:

                          It's dead simple: stop setting up transparent proxy on interfaces where you do NOT want transparent proxy. IOW - stick those boxes on another separate interface.

                          Stop using transparent proxy…

                            gaf2014

                            @lockye:

                            The reason I use the transparent proxy is because I have content filtering set up; it blocks all the annoying commercials, even on the Roku.

                            Hi lockye,

                            Have you ever tried to use a NAT rule on your inbound interface?
                            For me it's working. All devices that don't like SSL interception are in the Group "grp_no_https_interception". That's all.
                            You also need to have a firewall rule in place to allow the traffic.

                            [Attachment: NAT.jpg]

                              lockye

                              THANK YOU

                              I had tried something similar but could not get it to work, I must have been missing something.

                              I followed your directions and it does what I need it to do. Thanks for including the attachment, very helpful.

                              Thanks again

                                agixdota

                                @gaf2014:

                                @lockye:

                                The reason I use the transparent proxy is because I have content filtering set up; it blocks all the annoying commercials, even on the Roku.

                                Hi lockye,

                                Have you ever tried to use a NAT rule on your inbound interface?
                                For me it's working. All devices that don't like SSL interception are in the Group "grp_no_https_interception". That's all.
                                You also need to have a firewall rule in place to allow the traffic.

                                Hello, can you give the firewall rule to allow the traffic? ;D (I'm trying to make a firewall rule the same as the NAT forward, but can't bypass the HTTPS connection.)
