Transparent Bypass Failures



  • Hi all,

    I am running the latest versions of pfSense, Squid3, and several other packages, but the issue seems to be tied to just an interaction between these two.  Recently I enabled a transparent SSL proxy, imported the CA to the various clients, everything is working fine on that front.  The issue comes in with particular sites that disagree with being intercepted (pinned certs and the like) so they need to be bypassed to work properly.  But in trying it looks like the bypass list is hit-or-miss on if the bypass directive is acknowledged.

    So since some sites require a great number of entries, and to keep things orderly I tried creating a few host alias lists and using those as the bypass pointers.  It generally worked until the lists got a bit long.  So I tired consolidating into a single list, that was no better.  Adding a ; delimited list directly to the squid gui actually broke the whole operation (http://www.lagado.com/proxy-test reported it as sent direct)

    Basically it seems like there's some limit to the number of sites that can be bypassed without issue.  The box I have it running on is decently powerful (dual core, 4GB) for what it's used for and not running short of resources.  Any thoughts on what could be causing the bypass lists to only be part-time bypassed?


Log in to reply