ClearFoundation


Non-transparent Proxy and Content Filter Bypass

Overview

If you are using the proxy server (Squid) or content filter (DansGuardian) in non-transparent mode, you may come across sites that do not work because of chaining, authentication, or port manipulation. This is often the case with SharePoint or Outlook Web Access (OWA), for instance. This howto can help address and resolve these issues.

Technical Explanation

The web proxy bypass section creates firewall rules that intercept traffic to the listed sites as it flows across the firewall and send it directly to the site. For transparent-mode content filtering and proxying, this means that the packets are picked out before they are redirected to the proxy (3128) or the content filter (8080).

Non-transparent use of the content filter or the proxy server requires setting the client to send web traffic to the server directly rather than across it, so the firewall cannot grab any such packet and change its flow. Moreover, web request packets and proxy web request packets look very different, so even if the firewall could grab them, the bypass would not work.

The answer to this problem is to add the exception on the client that is configured to use the proxy, in addition to adding it to the web proxy bypass.

Setup

Configure the site you want bypassed in the web proxy bypass section of the gateway. For servers running ClearOS as their gateway, this is done here: Gateway » Proxy and Filtering » Web Proxy » Web Site Bypass. If ClearOS is not your firewall/gateway, simply allow all clients on the local network to egress to that site.

In the Web Proxy Bypass, specify a name (no spaces or special characters; hyphens and underscores are OK). Add either the Domain Name, IP Address, or CIDR of the site. CIDR is recommended. Click 'Add'.

For this example, we will use the Nickname 'Sharepoint' and the Domain/IP of 'sharepoint.example.com'. Next, configure the client to override the proxy setting for that site.

Windows Registry Setting

You can push this setting out to your Windows workstations using this registry setting example:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"="sharepoint.example.com;<local>"

Create a text file. Copy the code above and paste it into the text file. Save the changes. Rename the text file to something like 'webbypass.reg'. Double click to add to the local machine.

Manipulating Windows registry entries can be dangerous. This registry entry has not been tested on all versions of Windows at this time; use at your discretion.
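Importing the .reg file above replaces the whole ProxyOverride value, so any exceptions already set for the user are lost. The following PowerShell is an added example, not part of the original howto: it merges the page's example host into the existing value instead. Merge-ProxyOverride is a hypothetical helper name, and always keeping '<local>' as the last entry is an assumption taken from the page's example value.

```powershell
# Added example, not from the original howto.
# Merge-ProxyOverride is a hypothetical helper; it builds the new value only.
function Merge-ProxyOverride {
    param(
        [string]$Current,        # existing ProxyOverride value, may be empty
        [string[]]$BypassHosts   # hosts to exempt from the proxy
    )

    # Split the existing semicolon-separated list, dropping blanks.
    $entries = @()
    if ($Current) {
        $entries = @($Current -split ';' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ })
    }

    foreach ($h in $BypassHosts) {
        $h = $h.Trim()
        # Reject empty entries, embedded separators or whitespace, and a bare
        # wildcard, which would exempt every site from the proxy and filter.
        if (-not $h -or $h -match '[;\s]' -or $h -eq '*') {
            throw "Refusing bypass entry '$h'"
        }
        # -notcontains is case-insensitive, so no duplicate host is added.
        if ($entries -notcontains $h) { $entries += $h }
    }

    # Assumption: keep '<local>' once, at the end, as in the page's value.
    $entries = @($entries | Where-Object { $_ -ne '<local>' }) + '<local>'
    return ($entries -join ';')
}

# Same key and value name as the .reg file on this page.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$current = (Get-ItemProperty -Path $key -Name ProxyOverride `
    -ErrorAction SilentlyContinue).ProxyOverride

$new = Merge-ProxyOverride -Current $current -BypassHosts 'sharepoint.example.com'

# Write only when something changed, and show both values for review.
if ($new -cne $current) {
    Write-Output "ProxyOverride: '$current' -> '$new'"
    Set-ItemProperty -Path $key -Name ProxyOverride -Value $new
}
```

Each entry added here is traffic that no longer passes through the proxy or content filter, so keep the list limited to the sites that actually fail.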

Windows XP, and Windows 2003 Server

Click on Start » Control Panel » Internet Options.

Then find the exemption list: Connections » LAN Settings… » Advanced.

Add any number of sites to this list but separate your entries with a semicolon (;).

Mac OS X

Navigate to the network settings: Apple icon (upper left) » Show All » Internet & Wireless » Network.

Find the proxy settings: Advanced » Proxies » Bypass proxy settings for these Hosts & Domains.

Insert the Hostname, IP address, or CIDR of the site separated by commas (,).



Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported