Issue with bypass proxy for these source IPs

JLSheldrake · Feb 15, 2017, 11:46 AM

Hi,

We currently have 2 Pfsense firewall routers setup both running squidguard. I have configured these to block a number of websites which works perfectly. I have also added 2 IP address entry’s into bypass proxy for these source IPs.

These were working for a few days without issue but now has began blocking websites although they are still listed under bypass proxy for these source IP addresses on both routers.

removing and reading them fixes the problem but I shouldn't have to do this on a weekly basis.

Any suggestions on how to fix this issue would be greatly appreciated.

Cheers

J

dlawley · Feb 18, 2017, 5:21 PM

I have found a problem here as well, it seems that if I enter a domain hostname the whole squid process fails to load (or maybe just squidguard and lightsquid). IP address works fine.

I' get something about not being able to find ipaddress for xyz.domain

doktornotor · Feb 18, 2017, 6:34 PM

@dlawley:

I have found a problem here as well, it seems that if I enter a domain hostname the whole squid process fails to load (or maybe just squidguard and lightsquid). IP address works fine.

Why on earth would you put a domain there? Yeah it won't work when it doesn't resolve. And what does this have to do with this thread's topic?

dlawley · Feb 23, 2017, 1:25 AM

feel better now?

Do not proxy traffic going to these destination IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall.

because it says I can, if it fails lookup it should not crash the whole process

jimp · Feb 27, 2017, 5:06 PM

Just because you can, doesn't mean you should.

Put the hostname in an alias, put the alias name in the squid settings.

That will (a) stop a bad hostname from tanking squid and (b) allow pfSense to update the alias if the results of the hostname resolution changes.