Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Port 443 traffic bypass Squid Web Proxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: Port 443 traffic bypass Squid Web Proxy (Read 1376 times)
vico1959
Newbie
Posts: 44
Karma: 0
Port 443 traffic bypass Squid Web Proxy
«
on:
April 10, 2024, 12:43:05 am »
I am trying to figure out if there is a host exclude list when using the Squid Proxy. Basically I have a server behind the firewall that needs an unfiltered port 443 access to download updates from IBM. It will not work through any sort of proxy as it has to have its own certificate and such so it needs a direct connection. Is there any way that I can bypass the Squid proxy for a particular host behind the firewall like that?
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Port 443 traffic bypass Squid Web Proxy
«
Reply #1 on:
April 10, 2024, 07:46:32 am »
Put the host on a different subnet/VLAN. If your security policy involves Squid, you need to securely handle exceptions. Any client on the LAN can spoof an IP on the exception list if they share a subnet.
Logged
vico1959
Newbie
Posts: 44
Karma: 0
Re: Port 443 traffic bypass Squid Web Proxy
«
Reply #2 on:
April 10, 2024, 10:48:31 pm »
Well, the issue with that is this is a production server with our main app on there so it needs to be completely accessible by clients on the network. I could do some fancy routing configurations and it "might" work but this is an old AS/400 app and there are a lot of hard coded IP settings in there and if it is even possible to get working, support would never support it when there was an issue. Besides, it would be so much easier to have an exclude option in the proxy for specific hosts for these situations. I understand the security concern but I'm just using the web filtering to keep the honest folks out of trouble anyway because anyone who really knows what they are doing can find other ways.
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1601
Karma: 176
Re: Port 443 traffic bypass Squid Web Proxy
«
Reply #3 on:
April 11, 2024, 11:16:50 am »
You can clone the port forward rule that Redirects clients to squid.
You put that rule before the other (squid) Port forward rule, and enable "No RDR (NOT)" and specify the "Source" to an Alias that contains all the IPs in your network that should not go to the proxy.
Logged
Hardware:
DEC740
vico1959
Newbie
Posts: 44
Karma: 0
Re: Port 443 traffic bypass Squid Web Proxy
«
Reply #4 on:
May 03, 2024, 09:35:52 pm »
Sorry for my late reply, I got inundated with some more pressing projects. Thank you, that sounds like a good possible work around. I appreciate your input.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Port 443 traffic bypass Squid Web Proxy