Netgate Discussion Forum

    Bypass squid proxy for domain-name

      MosfetWall

      Hello all,

      Here is a little info about my situation:

      • pfSense version: 2.4.4-RELEASE-p3
      • Squid version: 0.4.44_9

      Squid is configured in transparent mode with HTTPS/SSL Interception in Splice All mode and everything works just fine.
      Now, due to incompatibility reasons, I want to bypass squid for a few domains. I've managed to do so for some with permanent IP addresses by using Bypass Proxy for These Destination IPs in general settings, but I need to bypass a few domains, preferably using a wildcard (e.g. .microsoft.com), and aliases don't permit the usage of wildcards and/or squid domains.
      Any suggestions are highly appreciated 😃

      I've done some research and tried the following, without success :
      @GL said in [SOLVED]Help needed: bypass squid and squidGuard for iTunes, AppleStore, Android:

      I implemented the solution and for now it seems to be working; I am testing it.
      Here is a step-by-step guide to what I implemented.

      1. Go to Services->Squid Proxy Server

      2. Enable and configure HTTPS transparent proxy

      3. Go to the bottom of the page, click Show Advanced Options

      4. Cut and paste the following text into the box "Custom Options (Before Auth)":

      acl ssl_exclude_domains ssl::server_name "/usr/local/etc/squid/exclude_domains.conf"

      ssl_bump peek step1 all
      ssl_bump splice ssl_exclude_domains
      ssl_bump stare step2 all
      ssl_bump bump all

      5. Wait to save

      6. Connect with secure shell to pfSense and log in

      7. Choose option 8 "Shell"

      8. cd /usr/local/etc/squid

      9. ee exclude_domains.conf

      10. Input the following text:

      .apple.com
      .mzstatic.com
      .icloud.com
      .dropbox.com
      .microsoft.com
      .oneDrive.com
      .live.com
      .messenger.live.com
      .skype.com
      .trouter.com
      .login.live.com
      .whatsapp.com
      .whatsapp.net

      11. Press "esc", then press "a", again press "a"

      12. Go back to the pfSense webgui and save your squid configuration

      13. Restart the squid service

      The configuration in exclude_domains.conf should let you use your Apple devices with iTunes and Apple store, let you use WhatsApp, sync with iCloud (please also check the allowed ports in your firewall rules), sync with OneDrive, let your Skype work with the HTTPS transparent proxy, and allow you to update with Microsoft in Win10.

      I am still testing; if someone implements it, please let us know the outcome.
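
An added example, not part of the thread: a POSIX sh audit of a splice list like the exclude_domains.conf above, showing which host names skip interception and which entries a broader one already covers. It assumes a leading-dot entry matches the domain itself and every subdomain; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Squid ssl::server_name list.
# Assumption: a leading-dot entry covers the domain itself and all subdomains.

# Print the list lowercased, without CRs, comments, padding or blank lines.
normalize_list() {
    tr -d '\r' < "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# covered_by ENTRY NAME: true when list ENTRY matches the host name NAME.
covered_by() {
    entry=$1; name=$2
    case $entry in
        .*) base=${entry#.}
            case $name in "$base"|*".$base") return 0 ;; esac ;;
        *)  [ "$name" = "$entry" ] && return 0 ;;
    esac
    return 1
}

# Print every entry that a broader leading-dot entry in the same file covers.
redundant_entries() {
    list=$(normalize_list "$1")
    for e in $list; do
        for p in $list; do
            # Skip the entry itself and exact-match (no leading dot) entries.
            case $p in "$e"|[!.]*) continue ;; esac
            if covered_by "$p" "${e#.}"; then echo "$e"; break; fi
        done
    done
}

# is_spliced FILE HOST: true when HOST would bypass interception via FILE.
is_spliced() {
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    for p in $(normalize_list "$1"); do
        covered_by "$p" "$host" && return 0
    done
    return 1
}

# Write a subset of the list from the quoted guide to FILE (sample input).
write_sample_list() {
    printf '%s\n' .microsoft.com .oneDrive.com .live.com \
        .messenger.live.com .skype.com .login.live.com .whatsapp.net > "$1"
}
```

Every name for which `is_spliced` succeeds is traffic the proxy passes through without inspection, so the list is worth reviewing for scope before it is saved.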
