Bypass Transparent HTTPS Proxy



  • I have a few Roku boxes on my LAN that don't like the HTTPS man-in-the-middle part of the transparent proxy. Is there a way I could set up an alias for those devices and then tell them to bypass the proxy, but only for the HTTPS part? I still want the HTTP to go through the proxy.

    Thanks in advance.



  • If you do not configure MITM when configuring the transparent proxy, then HTTP flow will go through the proxy while HTTPS will not.
    Does it fit your expectation?



  • No, I want MITM to work for everything else; I just don't want it to intercept the Roku boxes. I have to use transparent proxy, otherwise the Roku boxes cannot go through the proxy, as there is no proxy settings menu on them.



  • Thus you will have to manually update the prerouting rules, but then I wonder how this would be kept in case you perform any other modification through the GUI?



  • And that is where I hit a brick wall.

    I have tried various configurations but I have not had any luck getting it to work.



  • Anyone?



  • I don't think you can carve it up like that.  Ditch the transparent proxy for explicit and your life will be much easier in this regard.


  • It's dead simple: stop setting up transparent proxy on interfaces where you do NOT want transparent proxy. IOW - stick those boxes on another separate interface.



  • The reason I use the transparent proxy is because I have content filtering set up; it blocks all the annoying commercials, even on the Roku.



  • Same problem, but I can't solve this problem. ;D



  • @doktornotor:

    It's dead simple: stop setting up transparent proxy on interfaces where you do NOT want transparent proxy. IOW - stick those boxes on another separate interface.

    Stop using transparent proxy…



  • @lockye:

    The reason I use the transparent proxy is because I have content filtering setup, it blocks all the annoying commercials even on the roku.

    Hi lockye,

    Have you ever tried to use a NAT rule on your inbound interface?
    For me it's working. All devices that don't like SSL interception are in the group "grp_no_https_interception". That's all.
    You also need to have a firewall rule in place to allow the traffic.
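
The exemption described in the post above, written out as a pf ruleset fragment. This is an added example, not the poster's configuration or attachment: it assumes a pf-based firewall, and the interface name, device addresses and proxy listener ports are constructed placeholders. Only the group name comes from the thread.

```pf
# Assumed LAN (inbound) interface name; adjust to the real one.
lan_if = "em1"

# Devices that must not have HTTPS intercepted (constructed sample addresses).
table <grp_no_https_interception> const { 192.168.1.50, 192.168.1.51 }

# --- Translation rules: the first matching rule wins, so the exemption
# --- has to sit above the redirect to the HTTPS interception listener.

# Exempt the group from redirection, for port 443 only.
no rdr on $lan_if inet proto tcp from <grp_no_https_interception> to any port 443

# Everyone, including the exempt group, still has HTTP redirected to the
# proxy (assumed listener 127.0.0.1:3128), so content filtering keeps working.
rdr on $lan_if inet proto tcp from any to any port 80 -> 127.0.0.1 port 3128

# All remaining clients have HTTPS redirected to the intercepting listener
# (assumed 127.0.0.1:3129).
rdr on $lan_if inet proto tcp from any to any port 443 -> 127.0.0.1 port 3129

# --- Filter rule: the exempt devices now reach port 443 directly, so that
# --- traffic must be allowed explicitly on the inbound interface.
pass in quick on $lan_if inet proto tcp from <grp_no_https_interception> to any port 443 flags S/SA keep state
```

Traffic matched by the `no rdr` rule is not filtered or logged by the proxy, so keep the table limited to the devices that actually fail under interception.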




  • THANK YOU

    I had tried something similar but could not get it to work, I must have been missing something.

    I followed your directions and it does what I need it to do. Thanks for including the attachment, very helpful.

    Thanks again



  • @gaf2014:

    @lockye:

    The reason I use the transparent proxy is because I have content filtering setup, it blocks all the annoying commercials even on the roku.

    Hi lockye,

    Have you ever tried to use a NAT rule on your inbound interface?
    For me it's working. All devices that don't like SSL interception are in the group "grp_no_https_interception". That's all.
    You also need to have a firewall rule in place to allow the traffic.

    Hello, can you give the firewall rule to allow the traffic? ;D (I'm trying to make the firewall rule the same as the NAT forward, but can't bypass the HTTPS connection.)

