• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[Solved] How to bypass squid completely for a domain(s)?

Scheduled Pinned Locked Moved pfSense Packages
8 Posts 4 Posters 33.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    kripz
    last edited by Jan 19, 2010, 8:42 AM Jan 17, 2010, 6:21 AM

    Squid is set to transparent mode, is this easily possible?

    1 Reply Last reply Reply Quote 0
    • X
      XIII
      last edited by Jan 17, 2010, 7:55 AM

      if you dont want squid to cache domains you need to add those domain/ips under the never cache section of the config.

      transparency is just so that you dont need to configure any clients to use the proxy server, its done automatically/transparently.

      -Chris Stutzman
      Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
      Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
      freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
      Check out the pfSense Wiki

      1 Reply Last reply Reply Quote 0
      • K
        kripz
        last edited by Jan 17, 2010, 9:59 AM Jan 17, 2010, 8:26 AM

        Not quite. Im guessing transparency mode redirects all port 80 traffic to 3128. I need to make an exception for a certain domain as squid doesnt support http 1.1.

        1 Reply Last reply Reply Quote 0
        • X
          XIII
          last edited by Jan 17, 2010, 9:26 PM

          under proxy server go to cache management and scroll down to do not cache and type the domain(s)/ip(s) you do not want cached.
          Domains/ips entered there will not be cached and will bypass the proxy.

          -Chris Stutzman
          Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
          Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
          freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
          Check out the pfSense Wiki

          1 Reply Last reply Reply Quote 0
          • K
            kripz
            last edited by Jan 18, 2010, 7:49 AM

            It doesnt bypass the proxy, it just doesnt cache it? Squid is still handling it. It still appears in the squid logs.

            1 Reply Last reply Reply Quote 0
            • G
              Gloom
              last edited by Jan 18, 2010, 1:05 PM

              It wont while you run Squid in transparent mode as basically what you are doing is redirecting all traffic on port 80 through to the proxy server.
              Two solutions spring to mind. You could set Squid up as normal on port 3128 and put the exception in the browser to go directly then roll-out the settings to your browser via a pac file or GPO or you could offer a different route to the host via your routing tables to bypass the proxy box completely.

              Without knowing your network layout and number of users/OS used I can't say which might be your best solution.

              Never underestimate the power of human stupidity

              1 Reply Last reply Reply Quote 0
              • M
                mhab12
                last edited by Jan 18, 2010, 4:33 PM

                Edit the squid.inc file as follows…just add the destination IPs that should not get redirected to squid in the list...yours will probably only have the local IPs listed, I've added a few as an example.  @devs - any chance of this being added to the GUI?  I know quite a few people are asking about this lately.

                $rules .= "\n# Setup Squid proxy redirect\n";
                			if ($squid_conf['private_subnet_proxy_off'] == 'on') {
                				foreach ($ifaces as $iface) {
                					$rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n"; 
                
                1 Reply Last reply Reply Quote 0
                • K
                  kripz
                  last edited by Jan 19, 2010, 8:37 AM Jan 18, 2010, 9:57 PM

                  @mhab12:

                  Edit the squid.inc file as follows…just add the destination IPs that should not get redirected to squid in the list...yours will probably only have the local IPs listed, I've added a few as an example.  @devs - any chance of this being added to the GUI?  I know quite a few people are asking about this lately.

                  $rules .= "\n# Setup Squid proxy redirect\n";
                  			if ($squid_conf['private_subnet_proxy_off'] == 'on') {
                  				foreach ($ifaces as $iface) {
                  					$rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n"; 
                  

                  That sounds like exactly what im after, ill give it a try later.

                  EDIT: Seems to be working.

                  If anyone is interested

                   nano /usr/local/pkg/squid.inc
                  
                  1 Reply Last reply Reply Quote 0
                  1 out of 8
                  • First post
                    1/8
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received