Exclude hosts from using the proxy

cyberzeus

Hello all --- is there any way to exclude hosts from using the HTTP\SSL proxies?

Preempting responses that will say how pointless this might be, let me state that there is a definite use case for such a setting --- basically devices like Apple TVs, Amazon Echos, etc.

One way I have seen this implemented was to have enabling\disabling of using the proxy to be done in the FW rule. Using that method, if there was a set of devices that needed to just bypass the proxy, then it was disabled in the relevant FW rule for the device(s) in question.

I haven't seen that same cfg. option in Squid + pfSense but is there any way to achieve the same end result?

periko

Transparent or non-transparent proxy?

The first one has that option built in the GUI.
The 2nd one is more easy because if the device don't about the proxy u manage the allow/block with fw rules.

cyberzeus

Hi periko,

Definitely transparent. The question I ask actually only applies to a transparent proxy because when using a non-transparent setup, the client machine talks to the proxy rather than the outside world.

I do not see the config option you mention so please let me know where you are thinking.

Thanks again for your response...

periko

Squid --> General Settings-->Transparent Proxy Settings->Bypass Proxy for These Source IPs

Is this what u need?

cyberzeus

Hi periko: Looks like it - totally misread that line item - many thanks...

4o4rh

I would like to know how to do this for Split Bump default config.

I have a WiFi VLAN which all connections on the interface use the proxy, however,
my work laptop uses the PulseVPN client.

Even though i have the destination host in the bypass list, the pulse client which connects over 443,
picks up my ca certificate and can't make a connection to the vpn host.