4. Transparent Bypass Failures

Transparent Bypass Failures

  • J

    Hi all,

    I am running the latest versions of pfSense, Squid3, and several other packages, but the issue seems to be tied to just an interaction between these two.  Recently I enabled a transparent SSL proxy, imported the CA to the various clients, everything is working fine on that front.  The issue comes in with particular sites that disagree with being intercepted (pinned certs and the like) so they need to be bypassed to work properly.  But in trying it looks like the bypass list is hit-or-miss on if the bypass directive is acknowledged.

    So since some sites require a great number of entries, and to keep things orderly I tried creating a few host alias lists and using those as the bypass pointers.  It generally worked until the lists got a bit long.  So I tired consolidating into a single list, that was no better.  Adding a ; delimited list directly to the squid gui actually broke the whole operation (http://www.lagado.com/proxy-test reported it as sent direct)

    Basically it seems like there's some limit to the number of sites that can be bypassed without issue.  The box I have it running on is decently powerful (dual core, 4GB) for what it's used for and not running short of resources.  Any thoughts on what could be causing the bypass lists to only be part-time bypassed?

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy