[exclude_hosts] let me try again

jamiebond

Hi everyone, this post of mine has reference (http://forum.pfsense.org/index.php/topic,29924.0.html)

(I think my question in the above post was unclear - moderator, please pardon me for starting a new threat).

(Please bear with me on this -  I was thrown in the deep end when the previous IT manager quit the company)

BACKGROUND:

We are using a webconfigurator gui to manage the proxy. The interface is very similar to this (http://devwiki.pfsense.org/CoreGUI - actually it's exactly the same).

And I can manage it from any of my Windows machines via http://ip-of-the-proxy/login.php.

I need to exclude the CEO's IP from being filtered through the proxy, ie. his IP's traffic(browsing/downloads/etc) must not appear in the reporting section of squid - or put simply, the IP must bypass the proxy.

I know that the line [exclude_hosts 192.168.0.10] must be added to [sarg.conf]

As far as i know, this will mean that [access.log] is affected by not filtering 192.168.0.10.

QUESTION:

With reference to the webconfigurator gui - (keeping in mind that i have [root] access to it):

• under which heading(menu) would i find the option to add(edit) lines in [sarg.conf] ?
• because i've been through every page in the gui and can not find an option to do this.
• i can exclude a host from the cache, but that does not exclude him from the reports.

If you say that this can NOT be done through the web gui as mentioned, then my next dilemma would be this:

On the proxy machine itself, I am presented with the console screen having the following options:

MIG console setup
–---------------
0) Logout (SSH only)

1. Assign Interfaces
2. Set LAN IP address
3. Reboot system
4. Halt system
5. Ping host
6. PFtop (firewall state table)
7. Filter logs
8. Restart webConfigurator

From this point forward, i don't know how to do edit whichever files to exclude a host, because I am not familiar with the linux(freebsd) and squid/squidgaurd commands to do so.

Also, I have over a 100 internet client machines in the building, and can therefore not afford to make a mistake which will cause the internet connection to go down - or screw up the proxy completely for that metter.

Please assist me in whichever way you can. Even just point me in the right direction.

I genuinely appreciate you taking the time to read my post.

Thank you kindly.
Regards,
Jamie.

dvserg

@jamiebond:

I need to exclude the CEO's IP from being filtered through the proxy, ie. his IP's traffic(browsing/downloads/etc) must not appear in the reporting section of squid - or put simply, the IP must bypass the proxy.

Bypass proxy for these source IPs  
Do not forward traffic from these source IPs through the proxy server but directly through the firewall. Separate by semi-colons ( ; ).

jamiebond

Thank you kindly for your reply:

Yes, i have read the manual; and as it stipulates…

Bypass proxy for these source IPs 
Do not forward traffic from these source IPs through the proxy server but directly through the firewall. Separate by semi-colons ( ; ).

...would (normally) be on the page Services/General Settings.

But that option is NOT listed on my machine. (Please see attached pic).

So i was thinking that maybe the XML file, in this case (svc_edit.php?xml=squid.xml) needs to be edited somehow so that the option "Do not forward traffic...." is shown on the page Services/General Settings. The only problem with this is that I do not know how to edit that file(package?)

Any ideas ?

Thanks again.
Jamie.

dvserg

Fresh squid installation

jamiebond

thanks for the reply.

unfortunately a fresh install is not an option since our proxy needs to be up 24/7 so serve 100+ client machines (large hospital).

do you think there might be another way to edit a (xml?) file to simply include the missing lines (refer your attached screenshot).

regards.