[Solved] How to bypass squid completely for a domain(s)?



  • Squid is set to transparent mode, is this easily possible?



  • if you dont want squid to cache domains you need to add those domain/ips under the never cache section of the config.

    transparency is just so that you dont need to configure any clients to use the proxy server, its done automatically/transparently.



  • Not quite. Im guessing transparency mode redirects all port 80 traffic to 3128. I need to make an exception for a certain domain as squid doesnt support http 1.1.



  • under proxy server go to cache management and scroll down to do not cache and type the domain(s)/ip(s) you do not want cached.
    Domains/ips entered there will not be cached and will bypass the proxy.



  • It doesnt bypass the proxy, it just doesnt cache it? Squid is still handling it. It still appears in the squid logs.



  • It wont while you run Squid in transparent mode as basically what you are doing is redirecting all traffic on port 80 through to the proxy server.
    Two solutions spring to mind. You could set Squid up as normal on port 3128 and put the exception in the browser to go directly then roll-out the settings to your browser via a pac file or GPO or you could offer a different route to the host via your routing tables to bypass the proxy box completely.

    Without knowing your network layout and number of users/OS used I can't say which might be your best solution.



  • Edit the squid.inc file as follows…just add the destination IPs that should not get redirected to squid in the list...yours will probably only have the local IPs listed, I've added a few as an example.  @devs - any chance of this being added to the GUI?  I know quite a few people are asking about this lately.

    $rules .= "\n# Setup Squid proxy redirect\n";
    			if ($squid_conf['private_subnet_proxy_off'] == 'on') {
    				foreach ($ifaces as $iface) {
    					$rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n"; 
    


  • @mhab12:

    Edit the squid.inc file as follows…just add the destination IPs that should not get redirected to squid in the list...yours will probably only have the local IPs listed, I've added a few as an example.  @devs - any chance of this being added to the GUI?  I know quite a few people are asking about this lately.

    $rules .= "\n# Setup Squid proxy redirect\n";
    			if ($squid_conf['private_subnet_proxy_off'] == 'on') {
    				foreach ($ifaces as $iface) {
    					$rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n"; 
    

    That sounds like exactly what im after, ill give it a try later.

    EDIT: Seems to be working.

    If anyone is interested

     nano /usr/local/pkg/squid.inc
    

Locked