How to bypass an upstream proxy for a specific domain

Article #:

Product

Castle

1572

 

 

Summary

 

Problem

An upstream proxy is in use but some domains should not be requested via the upstream proxy

This can be solved using the upstream proxy section and the filters associated with that section. The final setup does have to use a bit of reverse logic though.

Solution

1. Define the upstream proxy — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/upstreamproxies.htm
2. Define a destination upstream proxy filter, including the domain you want to bypass the upstream proxy for — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/upstreamfilters.htm
3. Go to the Manage policies page, and configure the following:
Default upstream proxy — None
Allow direct connections — Selected
Leak client IP with X-forwarded-For header — Not selected
4. Add the following policies:
A policy to block the destination filter from going to the upstream proxy
A policy to allow everything else to the upstream proxy

Ensure the policies are the order listed above. The logic sequence is: If you're going to the destination, we don't want to be sent via the upstream proxy. Deny the destination from going via the upstream proxy. If we are going anywhere else but the filter destination, use the upstream proxy. What's left is the destination filter and the "no default upstream proxy" setting so the destination filter traffic will use that.

5. Save and restart the web proxy — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/proxy.htm.

Attribution:

Last updated:

Author:

Contributions by:

25 August 2016

 

Tanja

 

Copyright © 2000-2016 Smoothwall All rights reserved.