Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Bypass squid proxy for domain-name

    Cache/Proxy
    1
    1
    1537
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MosfetWall last edited by

      Hello all,

      Here is a little info abut my situation :

      • PfSense version : 2.4.4-RELEASE-p3
      • Squid vesion : 0.4.44_9

      Squid is configured in transparent mode with HTTPS/SSL Interception in Splice All mode and everything works just fine.
      Now due to incompatibility reasons I want to bypass squid for a few domains, I've managed to do sow, for some, with permanent IP address by using Bypass Proxy for These Destination IPs in general settings but i need to bypass a few domains preferably using wildcard (ex .microsoft.com) but Alias-es don't permit the usage of wildcards and/or squid domains.
      Any suggestions are highly appreciated 😃

      I've done some research and tried the following, without success :
      @GL said in [SOLVED]Help needed: bypass squid and squidGuard for iTunes, AppleStore, Android:

      I implemented the solution and for now it seems working, I am testing it.
      here a step by step guide of what i implemented.

      1. Go to Services->Squid Proxy Server

      2. Enable and configure HTTPS transparent proxy

      3. Go to the bottom of the page, click Show Advanced Options

      4. Cut and past the following text in the box "Custom Options (Before Auth)":

      acl ssl_exclude_domains ssl::server_name "/usr/local/etc/squid/exclude_domains.conf"

      ssl_bump peek step1 all
      ssl_bump splice ssl_exclude_domains
      ssl_bump stare step2 all
      ssl_bump bump all

      1. wait to save

      2. connect with secure shell to pfsense and login

      3. choose option 8 "Shell"

      4. cd /usr/local/etc/squid

      5. ee exclude_domains.conf

      6. input the following text :

      .apple.com
      .mzstatic.com
      .icloud.com
      .dropbox.com
      .microsoft.com
      .oneDrive.com
      .live.com
      .messenger.live.com
      .skype.com
      .trouter.com
      .login.live.com
      .whatsapp.com
      .whatsapp.net

      1. press "esc" then press "a", again press "a"

      2. go back to pfsense webgui and save your squid configuration

      3. restart squid service

      The configuration in exclude_domains.conf should let you use your Apple devices with iTunes and Apple store, let you use WhatsApp, sync with iCloud (pls check also allowed ports in your firewall rules), sync with OneDrive, let your skype work with https transparent proxy, allow you to update with Microsoft in Win10.

      I am still testing, if someone will implement it, pls let us know the outcomes.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy