Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Exclude hosts from using the proxy

    Scheduled Pinned Locked Moved Cache/Proxy
    6 Posts 3 Posters 968 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cyberzeus
      last edited by

      Hello all --- is there any way to exclude hosts from using the HTTP\SSL proxies?

      Preempting responses that will say how pointless this might be, let me state that there is a definite use case for such a setting --- basically devices like Apple TVs, Amazon Echos, etc.

      One way I have seen this implemented was to have enabling\disabling of using the proxy to be done in the FW rule. Using that method, if there was a set of devices that needed to just bypass the proxy, then it was disabled in the relevant FW rule for the device(s) in question.

      I haven't seen that same cfg. option in Squid + pfSense but is there any way to achieve the same end result?

      1 Reply Last reply Reply Quote 0
      • perikoP
        periko
        last edited by

        Transparent or non-transparent proxy?

        The first one has that option built in the GUI.
        The 2nd one is more easy because if the device don't about the proxy u manage the allow/block with fw rules.

        Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
        www.bajaopensolutions.com
        https://www.facebook.com/BajaOpenSolutions
        Quieres aprender PfSense, visita mi canal de youtube:
        https://www.youtube.com/c/PedroMorenoBOS

        1 Reply Last reply Reply Quote 1
        • C
          cyberzeus
          last edited by

          Hi periko,

          Definitely transparent. The question I ask actually only applies to a transparent proxy because when using a non-transparent setup, the client machine talks to the proxy rather than the outside world.

          I do not see the config option you mention so please let me know where you are thinking.

          Thanks again for your response...

          1 Reply Last reply Reply Quote 0
          • perikoP
            periko
            last edited by

            Squid --> General Settings-->Transparent Proxy Settings->Bypass Proxy for These Source IPs

            Is this what u need?

            Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
            www.bajaopensolutions.com
            https://www.facebook.com/BajaOpenSolutions
            Quieres aprender PfSense, visita mi canal de youtube:
            https://www.youtube.com/c/PedroMorenoBOS

            1 Reply Last reply Reply Quote 1
            • C
              cyberzeus
              last edited by

              Hi periko: Looks like it - totally misread that line item - many thanks...

              1 Reply Last reply Reply Quote 0
              • 4
                4o4rh
                last edited by

                I would like to know how to do this for Split Bump default config.

                I have a WiFi VLAN which all connections on the interface use the proxy, however,
                my work laptop uses the PulseVPN client.

                Even though i have the destination host in the bypass list, the pulse client which connects over 443,
                picks up my ca certificate and can't make a connection to the vpn host.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.