[squid-users] Allow some domains to bypass Squid

Nicolas Kovacs info at microlinux.fr
Sun Mar 11 08:07:16 UTC 2018


Hi,

I have Squid setup as a transparent HTTP+HTTPS proxy in my local
network, using SSL-Bump.

The configuration works quite nicely, according to
/var/log/squid/cache.log and /var/log/squid/access.log.

This being said, I am having trouble with a handful of domains like
Github, or my OwnCloud installation. I have an OwnCloud server installed
at https://cloud.microlinux.fr, and everytime I fire up a client, I have
to confirm the use of an untrusted certificate. And on my workstation, I
can't connect to my Github repository anymore. Here's the error I get.

  # git pull
  fatal: unable to access 'https://github.com/kikinovak/centos-
  7-desktop-kde/': Peer's certificate issuer has been marked as not
  trusted by the user.

So I thought the best thing to do is to create an exception for this
handful of domains with issues.

Can I configure some domains to simply bypass the proxy in my current
(transparent) setup? Ideally, the configuration should be able to read a
simple text file containing said domains, something like
/etc/squid/bypass-these-domains.txt. And then these bypass the proxy and
get treated regularly, as if there was no proxy?

Cheers,

Niki
-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32


More information about the squid-users mailing list