On 21/05/20 3:49 am, Ben Goz wrote: > B.H. > > I'm using squid with c-icap module for specific content filtering. I > configured squid with ssl bump so website with WSS won't work on it as > mentioned on squid documentation. So for such URLs (with WSS) I need > bypassing squid. I read in some posts that squid doesn't fully supports > bypassing URLs and best way is to bypasses it via iptables. > > Eventually I redirects browser traffic to my proxy machine using local > machine proxy settings, and Its redirects traffic to my machine with IP > x.x.x.x port 3128. > > If I want to use the conservative iptables bypassing how should I config > my machine? and how iptables rules should looks like? > Since you are redirecting the traffic to Squid in the first place. All you have to do is *not* redirect the relevant traffic. See your firewall software documentation on how to configure that. The hard part is figuring out which traffic you want the proxy to service, and what to bypass given only a TCP SYN packet. Be aware that once a TCP SYN+ACK packet is delivered to accept the connection Squid *has* to service that TCP connection in its entirety. Such 'service' may mean terminating it without any traffic, tunneling it elsewhere, or full processing of the traffic. Either way Squid is the agent servicing it. You cannot have iptables suddenly divert packets to other software mid-stream. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
