Bypass squid proxy for domain-name
Here is a little info abut my situation :
- PfSense version : 2.4.4-RELEASE-p3
- Squid vesion : 0.4.44_9
Squid is configured in transparent mode with HTTPS/SSL Interception in Splice All mode and everything works just fine.
Now due to incompatibility reasons I want to bypass squid for a few domains, I've managed to do sow, for some, with permanent IP address by using Bypass Proxy for These Destination IPs in general settings but i need to bypass a few domains preferably using wildcard (ex .microsoft.com) but Alias-es don't permit the usage of wildcards and/or squid domains.
Any suggestions are highly appreciated
I've done some research and tried the following, without success :
@GL said in [SOLVED]Help needed: bypass squid and squidGuard for iTunes, AppleStore, Android:
I implemented the solution and for now it seems working, I am testing it.
here a step by step guide of what i implemented.
Go to Services->Squid Proxy Server
Enable and configure HTTPS transparent proxy
Go to the bottom of the page, click Show Advanced Options
Cut and past the following text in the box "Custom Options (Before Auth)":
acl ssl_exclude_domains ssl::server_name "/usr/local/etc/squid/exclude_domains.conf"
ssl_bump peek step1 all
ssl_bump splice ssl_exclude_domains
ssl_bump stare step2 all
ssl_bump bump all
wait to save
connect with secure shell to pfsense and login
choose option 8 "Shell"
input the following text :
press "esc" then press "a", again press "a"
go back to pfsense webgui and save your squid configuration
restart squid service
The configuration in exclude_domains.conf should let you use your Apple devices with iTunes and Apple store, let you use WhatsApp, sync with iCloud (pls check also allowed ports in your firewall rules), sync with OneDrive, let your skype work with https transparent proxy, allow you to update with Microsoft in Win10.
I am still testing, if someone will implement it, pls let us know the outcomes.