    [Solved] How to bypass squid completely for a domain(s)?

      kripz last edited by

      Squid is set to transparent mode, is this easily possible?

        XIII last edited by

        If you don't want Squid to cache domains, you need to add those domains/IPs under the never cache section of the config.

        Transparency is just so that you don't need to configure any clients to use the proxy server; it's done automatically/transparently.

          kripz last edited by

          Not quite. I'm guessing transparency mode redirects all port 80 traffic to 3128. I need to make an exception for a certain domain as Squid doesn't support HTTP 1.1.

            XIII last edited by

            Under proxy server, go to cache management, scroll down to do not cache, and type the domain(s)/IP(s) you do not want cached.
            Domains/IPs entered there will not be cached and will bypass the proxy.

              kripz last edited by

              It doesn't bypass the proxy, it just doesn't cache it? Squid is still handling it. It still appears in the Squid logs.

                Gloom last edited by

                It won't while you run Squid in transparent mode, as basically what you are doing is redirecting all traffic on port 80 through to the proxy server.
                Two solutions spring to mind. You could set Squid up as normal on port 3128 and put the exception in the browser to go directly, then roll out the settings to your browser via a PAC file or GPO, or you could offer a different route to the host via your routing tables to bypass the proxy box completely.

                Without knowing your network layout and number of users/OS used I can't say which might be your best solution.
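
Gloom's first option (Squid as an explicit proxy on port 3128, with the exception pushed to browsers in a PAC file), sketched as an added example that is not part of the original post. The proxy host `proxy.example.lan` and the bypass domain `example.com` are placeholders, and the PAC file only takes effect when port 80 is not being redirected to Squid transparently.

```javascript
// PAC file sketch: the browser calls FindProxyForURL(url, host) for each request.
// Written in ES5 style so older PAC engines can evaluate it.
// Assumed values (not from the thread): proxy host and bypass domain.
var PROXY = "PROXY proxy.example.lan:3128"; // placeholder host, Squid's port 3128
var BYPASS_DOMAINS = ["example.com"];       // constructed sample entry

// True when host is the domain itself or one of its subdomains.
// Comparing on a label boundary keeps "notexample.com" and
// "example.com.other.test" from matching "example.com".
function hostInDomain(host, domain) {
  var h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  var d = domain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  var suffix = "." + d;
  return h.length > suffix.length &&
         h.substring(h.length - suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  for (var i = 0; i < BYPASS_DOMAINS.length; i++) {
    if (hostInDomain(host, BYPASS_DOMAINS[i])) {
      return "DIRECT"; // browser connects to the site without the proxy
    }
  }
  return PROXY; // everything else goes through Squid
}
```

Hosts that get `DIRECT` never reach Squid, so they will not appear in its access log or pass through any filtering it applies.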

                  mhab12 last edited by

                  Edit the squid.inc file as follows… just add the destination IPs that should not get redirected to Squid in the list... yours will probably only have the local IPs listed, I've added a few as an example. @devs - any chance of this being added to the GUI? I know quite a few people are asking about this lately.

                  $rules .= "\n# Setup Squid proxy redirect\n";
                  if ($squid_conf['private_subnet_proxy_off'] == 'on') {
                      foreach ($ifaces as $iface) {
                          $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n";
                  
                    kripz last edited by

                    @mhab12:

                    Edit the squid.inc file as follows… just add the destination IPs that should not get redirected to Squid in the list... yours will probably only have the local IPs listed, I've added a few as an example. @devs - any chance of this being added to the GUI? I know quite a few people are asking about this lately.

                    $rules .= "\n# Setup Squid proxy redirect\n";
                    if ($squid_conf['private_subnet_proxy_off'] == 'on') {
                        foreach ($ifaces as $iface) {
                            $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n";
                    

                    That sounds like exactly what I'm after, I'll give it a try later.

                    EDIT: Seems to be working.

                    If anyone is interested:

                     nano /usr/local/pkg/squid.inc
                    