Author Topic: Allow .exe through squid proxy  (Read 2193 times)

Offline mrsquash2

Allow .exe through squid proxy
« on: October 05, 2012, 11:38:10 am »
Hello everyone!

I have an exe that initializes an ActiveX application. In order to work properly, the exe needs to be able to access the internet without being blocked by the proxy. However, within squid I don't see anywhere that I would go to allow this functionality.

Does anyone have any tips on how to accomplish this?

Thanks

Offline marcelloc

Re: Allow .exe through squid proxy
« Reply #1 on: October 05, 2012, 01:09:30 pm »
If it's on a single machine, just allow its IP.

Are you using transparent proxy?

Offline mrsquash2

Re: Allow .exe through squid proxy
« Reply #2 on: October 05, 2012, 01:34:48 pm »
Yes, I am using transparent proxy.

The .exe file is on about 60 machines so I would like to let the .exe pass through the proxy for all systems on my domain.

Offline marcelloc

Re: Allow .exe through squid proxy
« Reply #3 on: October 05, 2012, 01:52:00 pm »
If you change your .exe file to fetch it via https, it will not be filtered by squid.

Offline mrsquash2

Re: Allow .exe through squid proxy
« Reply #4 on: October 05, 2012, 01:55:35 pm »
Unfortunately, the .exe is part of a distributed package from a 3rd party vendor. Therefore I cannot alter their software.

Offline Nachtfalke

Re: Allow .exe through squid proxy
« Reply #5 on: October 05, 2012, 02:00:28 pm »
You can bypass the proxy for a destination IP.
So if your exe is always connecting to the same IP (range), then add this to the bypass list in the squid GUI.

Offline mrsquash2

Re: Allow .exe through squid proxy
« Reply #6 on: October 05, 2012, 02:33:20 pm »
Isn't the bypass list something that allows an internal client to bypass the proxy altogether?

The only thing I have found so far to test is:

Edit the squid.inc file:

    // Excerpt from squid.inc: emit pf "no rdr" rules so that port-80 traffic
    // to the listed destinations is not redirected to squid.
    $rules .= "\n# Setup Squid proxy redirect\n";
    if ($squid_conf['private_subnet_proxy_off'] == 'on') {
        foreach ($ifaces as $iface) {
            $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n";
        }
    }

Offline marcelloc

Re: Allow .exe through squid proxy
« Reply #7 on: October 05, 2012, 03:10:14 pm »
This rule says not to forward traffic to squid for these IPs.

Offline Nachtfalke

Re: Allow .exe through squid proxy
« Reply #8 on: October 06, 2012, 05:55:34 am »
> Isn't the bypass list something that allows an internal client to bypass the proxy altogether?
> (...)

It depends on what you allow to bypass. You can bypass the proxy by SOURCE IP or you can bypass the proxy by DESTINATION IP.

If you allow by SOURCE IP, you are right: the host will bypass the proxy altogether.
That's why I said you should use DESTINATION IP. Then the proxy will only be bypassed for this destination IP, but all other IPs must pass through the proxy.

Offline mrsquash2

Re: Allow .exe through squid proxy
« Reply #9 on: October 08, 2012, 07:47:12 am »
When I go to Services > Proxy Server I have the option "Bypass proxy for these source IPs" with a description of "Do not forward traffic from these source IPs through the proxy server but directly through the firewall. Separate by semi-colons (;)."

Are you saying that I can put DESTINATION IPs in here as well?

Offline marcelloc

Re: Allow .exe through squid proxy
« Reply #10 on: October 08, 2012, 08:05:27 am »
> Are you saying that I can put DESTINATION IPs in here as well?

Isn't the next field "Bypass proxy for these destination IPs"?
"Do not proxy traffic going to these destination IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]"
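
The difference between the source and destination bypass fields discussed in replies #8 and #10, as an added example that is not part of the original posts and is not the squid package's own code. It parses a semicolon-separated bypass field, renders the matching pf `no rdr` rule in the form quoted in reply #6, and shows which connections skip squid. The interface name `em1`, the addresses and the hostname are constructed sample values, and the source-side rule form is an assumption modelled on the destination rule.

```python
import ipaddress

def parse_bypass_field(field):
    """Split a semicolon-separated bypass field into (networks, names)."""
    nets, names = [], []
    for item in (p.strip() for p in field.split(";")):
        if not item:
            continue
        try:
            # strict=False also accepts a host address written with a prefix
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            names.append(item)  # hostname or alias: review by hand
    return nets, names

def no_rdr_rule(iface, nets, match):
    """Render the pf exemption, matching on 'source' or 'destination'."""
    if match not in ("source", "destination"):
        raise ValueError(match)
    addrs = "{ " + ", ".join(str(n) for n in nets) + " }"
    if match == "destination":
        return f"no rdr on {iface} proto tcp from any to {addrs} port 80"
    return f"no rdr on {iface} proto tcp from {addrs} to any port 80"

def skips_proxy(src, dst, src_bypass, dst_bypass):
    """True if a port-80 connection src -> dst is exempt from redirection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in n for n in src_bypass) or any(d in n for n in dst_bypass)

def too_broad(nets, min_prefix=24):
    """Entries wider than /min_prefix exempt a lot of traffic from filtering."""
    return [n for n in nets if n.prefixlen < min_prefix]

# Constructed sample field (documentation address ranges, not from the thread).
DST_FIELD = "203.0.113.10; 203.0.113.64/28; 198.51.0.0/16; updates.vendor.example"
dst_nets, dst_names = parse_bypass_field(DST_FIELD)

if __name__ == "__main__":
    print(no_rdr_rule("em1", dst_nets, "destination"))
    print("review by hand:", dst_names, too_broad(dst_nets))
    # Destination bypass: only connections to the listed servers skip squid.
    print(skips_proxy("192.168.1.50", "203.0.113.10", [], dst_nets))  # True
    print(skips_proxy("192.168.1.50", "192.0.2.80", [], dst_nets))    # False
    # Source bypass: the same client skips squid for every destination.
    src_nets, _ = parse_bypass_field("192.168.1.50")
    print(skips_proxy("192.168.1.50", "192.0.2.80", src_nets, []))    # True
```
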

Offline mrsquash2

Re: Allow .exe through squid proxy
« Reply #11 on: October 08, 2012, 08:15:02 am »
I don't have that option.

I'm using:

Squid v2.7.8_1
SquidGuard v1.3-2
Lightsquid v1.7.1 pkg v.1.2

Do I need to upgrade to a newer version?

Offline marcelloc

Re: Allow .exe through squid proxy
« Reply #12 on: October 08, 2012, 08:40:39 am »
> Do I need to upgrade to a newer version?

It has been in both squid versions (2.7.9 pkg v.4.3.1 and 3.1.20 pkg 2.0.5_5), on the first package GUI tab, for a long time.

Offline mrsquash2

Re: Allow .exe through squid proxy
« Reply #13 on: October 08, 2012, 09:37:52 am »
Upgraded to 2.7.9 pkg v.4.3.1 and added the IP DESTINATION bypass.

All seems to be working now.

Thanks!