Exclude hosts from using the proxy


  • Hello all --- is there any way to exclude hosts from using the HTTP\SSL proxies?

    Preempting responses that will say how pointless this might be, let me state that there is a definite use case for such a setting --- basically devices like Apple TVs, Amazon Echos, etc.

    One way I have seen this implemented was to have enabling\disabling of using the proxy to be done in the FW rule. Using that method, if there was a set of devices that needed to just bypass the proxy, then it was disabled in the relevant FW rule for the device(s) in question.

    I haven't seen that same cfg. option in Squid + pfSense but is there any way to achieve the same end result?


  • Transparent or non-transparent proxy?

    The first one has that option built into the GUI.
    The 2nd one is easier because if the device doesn't know about the proxy, you manage the allow/block with FW rules.


  • Hi periko,

    Definitely transparent. The question I ask actually only applies to a transparent proxy because when using a non-transparent setup, the client machine talks to the proxy rather than the outside world.

    I do not see the config option you mention so please let me know where you are thinking.

    Thanks again for your response...


  • Squid --> General Settings --> Transparent Proxy Settings --> Bypass Proxy for These Source IPs

    Is this what you need?


  • Hi periko: Looks like it - totally misread that line item - many thanks...


  • I would like to know how to do this for Split Bump default config.

    I have a WiFi VLAN where all connections on the interface use the proxy; however,
    my work laptop uses the PulseVPN client.

    Even though I have the destination host in the bypass list, the Pulse client, which connects over 443,
    picks up my CA certificate and can't make a connection to the VPN host.