[squid] transparent proxy - don't proxy a specific client?



  • Since I've got metal gear solid 4 I've been stressing out what the extras menu didn't load.  After doing some packet captures I found out squid, which is running in transparent proxy mode, was throwing an error.  Basically it was giving the "URL can not be retrieved" message that apparently wasn't what the game was expecting, so it was immediately giving an error.  I disabled the transparent proxy and sure enough I now get an error from the game saying it can't connect to server (it's been known their servers have been flakey).  So long story short, I want to whitelist the PS3's ip from being proxied while still doing the transparent proxy for everyone else.

    I tried adding the following options to the "custom options" in proxy server:

    acl ps3 src 192.168.0.105/32; http_access deny ps3
    

    That didn't work.  I then changed http_access to cache and still didn't work.  Any other ideas or is it just an all or nothing type thing?



  • Guess I was too quick to post, but this may help others anyway.  First you need to uncheck "Allow users on interface" which automatically creates an allow for all clients in local network.  Since you want to deny an ip you need to put the deny before the allow, which doesn't happen automatically.  In the custom section add the following (where 192.168.0.0 is your own local network).

    acl ps3 src 192.168.0.105/32;
    acl localnet src 192.168.0.0/24;
    http_access deny ps3;
    http_access allow localnet
    

    Again, the order of the http_access lines are important.  Now the "ps3" acl won't get proxied.


Log in to reply