    [Solved] How to bypass squid completely for a domain(s)?

      kripz

      Squid is set to transparent mode, is this easily possible?

        XIII

        If you don't want squid to cache domains you need to add those domains/IPs under the never cache section of the config.

        Transparency is just so that you don't need to configure any clients to use the proxy server; it's done automatically/transparently.

        -Chris Stutzman
        Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
        Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
        freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
        Check out the pfSense Wiki

          kripz

          Not quite. I'm guessing transparency mode redirects all port 80 traffic to 3128. I need to make an exception for a certain domain as squid doesn't support HTTP 1.1.

            XIII

            Under proxy server go to cache management, scroll down to do not cache, and type the domain(s)/IP(s) you do not want cached.
            Domains/IPs entered there will not be cached and will bypass the proxy.

              kripz

              It doesn't bypass the proxy, it just doesn't cache it? Squid is still handling it. It still appears in the squid logs.

                Gloom

                It won't while you run Squid in transparent mode, as basically what you are doing is redirecting all traffic on port 80 through to the proxy server.
                Two solutions spring to mind. You could set Squid up as normal on port 3128 and put the exception in the browser to go directly, then roll out the settings to your browser via a PAC file or GPO, or you could offer a different route to the host via your routing tables to bypass the proxy box completely.

                Without knowing your network layout and number of users/OS used I can't say which might be your best solution.

                Never underestimate the power of human stupidity
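
Gloom's first option above (Squid on port 3128 as an explicit proxy, with a browser-side exception delivered by a PAC file) can be sketched as follows. This is an added example, not code from the thread; the proxy address 192.168.1.1 and the exempted domain example.com are placeholders.

```javascript
// Added example: PAC file for the "explicit proxy plus browser exception" option.
// Assumed values (not from the thread): proxy address and the exempted domain.
var PROXY = "PROXY 192.168.1.1:3128"; // hypothetical pfSense LAN IP, Squid port 3128
var DIRECT_DOMAINS = ["example.com"]; // hypothetical site that breaks behind Squid

// True when host is the domain itself or a subdomain of it. The "." boundary
// keeps "notexample.com" from matching "example.com".
function inDomain(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  var at = host.length - suffix.length;
  return at > 0 && host.indexOf(suffix, at) === at;
}

// Parse a dotted-quad IPv4 literal into four octets, or return null.
function ipv4Octets(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var o = [+m[1], +m[2], +m[3], +m[4]];
  for (var i = 0; i < 4; i++) if (o[i] > 255) return null;
  return o;
}

// Same private ranges the pf rule in this thread exempts: 10/8, 172.16/12, 192.168/16.
function isPrivateV4(o) {
  return o[0] === 10 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  var octets = ipv4Octets(host);
  if (octets) return isPrivateV4(octets) ? "DIRECT" : PROXY;
  if (host.indexOf(".") === -1) return "DIRECT"; // unqualified intranet names
  for (var i = 0; i < DIRECT_DOMAINS.length; i++) {
    if (inDomain(host, DIRECT_DOMAINS[i])) return "DIRECT";
  }
  return PROXY; // no "; DIRECT" fallback, so a proxy outage does not bypass Squid
}
```

Hosts that resolve to DIRECT never reach Squid and so leave no entry in its access log, which is a reason to keep the exemption list short.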

                  mhab12

                  Edit the squid.inc file as follows…just add the destination IPs that should not get redirected to squid in the list...yours will probably only have the local IPs listed, I've added a few as an example.  @devs - any chance of this being added to the GUI?  I know quite a few people are asking about this lately.

                  $rules .= "\n# Setup Squid proxy redirect\n";
                  if ($squid_conf['private_subnet_proxy_off'] == 'on') {
                      foreach ($ifaces as $iface) {
                          // Destinations in this list are never redirected to Squid
                          $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n";
                      }
                  }

                    kripz

                    @mhab12:

                    Edit the squid.inc file as follows…just add the destination IPs that should not get redirected to squid in the list...yours will probably only have the local IPs listed, I've added a few as an example.  @devs - any chance of this being added to the GUI?  I know quite a few people are asking about this lately.

                    $rules .= "\n# Setup Squid proxy redirect\n";
                    if ($squid_conf['private_subnet_proxy_off'] == 'on') {
                        foreach ($ifaces as $iface) {
                            // Destinations in this list are never redirected to Squid
                            $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n";
                        }
                    }


                    That sounds like exactly what I'm after, I'll give it a try later.

                    EDIT: Seems to be working.

                    If anyone is interested

                     nano /usr/local/pkg/squid.inc
                    