Netgate Discussion Forum

    Bypass proxy or allow domain on Squid [SSL]

    pfSense Packages
      azkerm

      Hi There,

      We're using pfsense along with squid proxy to serve internet. Also, squidguard to filter both HTTP/HTTPS traffic. Further, we've configured AD authentication with WPAD/PAC via DHCP. Now the issue is with certain sites bumping SSL certificates.

      For example, I'm trying to configure an online exchange account which keeps on prompting for its credentials even though I provide the correct one. I've tried the webmail, which works quite happily. So to find the root cause, I checked the squid realtime logs to see what is causing it. Then I got to know that the proxy is denying autodiscover.domain.com:443 continuously. I've tried adding this domain to bypass locally on user's PC by manually tuning on the proxy.

      I cannot add this to squid bypass as I'm not running the proxy in transparent mode. Can anyone advise me how I can achieve this? I'm pretty confused at this point.

        dgcom

        If I understand it correctly, you host your organization's email on Office 365?
        If so, do you have autodiscover.<your_domain>.com properly aliased (CNAME) to autodiscover.outlook.com?

        Reason I am asking is that autodiscover.outlook.com does not respond on port 443 (and should not).

        In case it is configured correctly, you also have to be mindful of when to enter which credentials - some will ask you for your proxy credentials and some will ask for application (exchange) credentials.

        And another way to test this is to allow your test machine to connect directly - does it work or does it still prompt?

        DG

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.