1. Home
  2. pfSense Packages
  3. Cache/Proxy
  4. Transparent Bypass Failures

Transparent Bypass Failures

  • J

    Hi all,

    I am running the latest versions of pfSense, Squid3, and several other packages, but the issue seems to be tied to just an interaction between these two.  Recently I enabled a transparent SSL proxy, imported the CA to the various clients, everything is working fine on that front.  The issue comes in with particular sites that disagree with being intercepted (pinned certs and the like) so they need to be bypassed to work properly.  But in trying it looks like the bypass list is hit-or-miss on if the bypass directive is acknowledged.

    So since some sites require a great number of entries, and to keep things orderly I tried creating a few host alias lists and using those as the bypass pointers.  It generally worked until the lists got a bit long.  So I tired consolidating into a single list, that was no better.  Adding a ; delimited list directly to the squid gui actually broke the whole operation (http://www.lagado.com/proxy-test reported it as sent direct)

    Basically it seems like there's some limit to the number of sites that can be bypassed without issue.  The box I have it running on is decently powerful (dual core, 4GB) for what it's used for and not running short of resources.  Any thoughts on what could be causing the bypass lists to only be part-time bypassed?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy