Netgate Discussion Forum

    Transparent Bypass Failures

      RegalMonkey

      Hi all,

      I am running the latest versions of pfSense, Squid3, and several other packages, but the issue seems to be tied to just an interaction between these two.  Recently I enabled a transparent SSL proxy, imported the CA to the various clients, everything is working fine on that front.  The issue comes in with particular sites that disagree with being intercepted (pinned certs and the like) so they need to be bypassed to work properly.  But in trying it looks like the bypass list is hit-or-miss on if the bypass directive is acknowledged.

      So since some sites require a great number of entries, and to keep things orderly I tried creating a few host alias lists and using those as the bypass pointers.  It generally worked until the lists got a bit long.  So I tried consolidating into a single list, that was no better.  Adding a ; delimited list directly to the squid gui actually broke the whole operation (http://www.lagado.com/proxy-test reported it as sent direct)

      Basically it seems like there's some limit to the number of sites that can be bypassed without issue.  The box I have it running on is decently powerful (dual core, 4GB) for what it's used for and not running short of resources.  Any thoughts on what could be causing the bypass lists to only be part-time bypassed?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.