Netgate Discussion Forum

Bypass squid proxy for domain-name

    MosfetWall
    last edited by Dec 4, 2019, 3:23 PM

    Hello all,

    Here is a little info about my situation:

    • PfSense version : 2.4.4-RELEASE-p3
    • Squid version : 0.4.44_9

    Squid is configured in transparent mode with HTTPS/SSL Interception in Splice All mode and everything works just fine.
    Now, due to incompatibility reasons, I want to bypass Squid for a few domains. I've managed to do so for some with permanent IP addresses by using "Bypass Proxy for These Destination IPs" in the general settings, but I need to bypass a few domains, preferably using a wildcard (e.g. .microsoft.com), but aliases don't permit the usage of wildcards and/or Squid domains.
    Any suggestions are highly appreciated 😃

    I've done some research and tried the following, without success :
    @GL said in [SOLVED]Help needed: bypass squid and squidGuard for iTunes, AppleStore, Android:

    I implemented the solution and for now it seems working, I am testing it.
    Here is a step-by-step guide of what I implemented.

    1. Go to Services->Squid Proxy Server

    2. Enable and configure HTTPS transparent proxy

    3. Go to the bottom of the page, click Show Advanced Options

    4. Cut and paste the following text into the box "Custom Options (Before Auth)":

    acl ssl_exclude_domains ssl::server_name "/usr/local/etc/squid/exclude_domains.conf"

    ssl_bump peek step1 all
    ssl_bump splice ssl_exclude_domains
    ssl_bump stare step2 all
    ssl_bump bump all

    5. wait to save

    6. connect with secure shell to pfsense and login

    7. choose option 8 "Shell"

    8. cd /usr/local/etc/squid

    9. ee exclude_domains.conf

    10. input the following text :

    .apple.com
    .mzstatic.com
    .icloud.com
    .dropbox.com
    .microsoft.com
    .oneDrive.com
    .live.com
    .messenger.live.com
    .skype.com
    .trouter.com
    .login.live.com
    .whatsapp.com
    .whatsapp.net

    11. press "esc" then press "a", again press "a"

    12. go back to pfsense webgui and save your squid configuration

    13. restart squid service

    The configuration in exclude_domains.conf should let you use your Apple devices with iTunes and Apple store, let you use WhatsApp, sync with iCloud (pls check also allowed ports in your firewall rules), sync with OneDrive, let your skype work with https transparent proxy, allow you to update with Microsoft in Win10.

    I am still testing, if someone will implement it, pls let us know the outcomes.
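
An added example (not part of the original post, nor pfSense or Squid code): a small Python check of which TLS server names the quoted exclude_domains.conf would splice, that is, exempt from interception, and which entries are redundant. It assumes ssl::server_name entries follow Squid's dstdomain-style matching, where a leading dot covers the domain and all of its subdomains; the function names are hypothetical.

```python
# Constructed sample input: the exclude_domains.conf contents quoted in the post.
EXCLUDE_LIST = """\
.apple.com
.mzstatic.com
.icloud.com
.dropbox.com
.microsoft.com
.oneDrive.com
.live.com
.messenger.live.com
.skype.com
.trouter.com
.login.live.com
.whatsapp.com
.whatsapp.net
"""

def parse(text):
    """Return lower-cased, de-duplicated entries, skipping blanks and # comments."""
    entries = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower()
        if entry and entry not in entries:
            entries.append(entry)
    return entries

def covers(entry, host):
    """Assumed rule: '.x.com' matches x.com and subdomains; 'x.com' only itself."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def redundant(entries):
    """Map each entry already covered by a broader wildcard entry to that entry."""
    out = {}
    for e in entries:
        for other in entries:
            if other != e and other.startswith(".") and covers(other, e.lstrip(".")):
                out[e] = other
                break
    return out

def spliced(entries, sni):
    """Return the entry that would exempt this server name from bumping, or None."""
    return next((e for e in entries if covers(e, sni)), None)

if __name__ == "__main__":
    print(redundant(parse(EXCLUDE_LIST)))
```

Every name for which `spliced` returns an entry passes through the proxy uninspected, so the list is worth reviewing for scope whenever it changes.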
