Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3: How to set HTTPS bypass ONLY for certain clients, but leave HTTP proxied

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 771 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Pistolero
      last edited by

      Hi all,

      Any way to set HTTPS bypass ONLY for certain clients, but leave HTTP proxied in transparent mode? I am currently running DansGuardian on 2.1.5, and since it is capturing all HTTP traffic and then forwarding to Squid, I am effectively only bypassing HTTPS from the Squid config. I will jettison DG out the airlock once I upgrade to 2.2, so how can I keep all HTTP traffic proxied, while only bypassing HTTPS filtering for a handful of clients?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        As you're forwarding it via firewall nat/rules, just create a no nat rule before with your client ips.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • P
          Pistolero
          last edited by

          @marcelloc:

          As you're forwarding it via firewall nat/rules, just create a no nat rule before with your client ips.

          Thank you, Marcello!

          So, if I understand correctly, I create a rule that instead of forwarding the client's IP outgoing traffic from port 80 to port 8080 on the LAN interface (like I have with DansGuardian), I create a rule to forward port 80 outgoing traffic on the LAN interface to port 3128? so even if the proxy is set to bypass traffic from that IP in transparent mode, it will still force HTTp to be proxied, and HTTPS to be bypassed?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.