Squid proxy on FreeBSD

[jamiebond]

Hello, I'm new here. Apologies if I'm in the wrong sub-forum.

(Please bear with me on this - I was thrown in the deep end when the previous IT manager quit the company)

BACKGROUND:
Squid 3 with Squidgaurd on FreeBSD

We are using a webconfigurator gui to manage the proxy/gateway. The interface is very similar to this (h**p://devwiki*pfsense*org/CoreGUI - actually it's exactly the same).

And I can manage it from any of my Windows machines via browser to h**p://ip-of-the-proxy/login.php

>> I need to exclude the CEO's IP from being filtered through the proxy, ie. his IP's traffic(browsing/downloads/etc) must not appear in the reporting section of squid - or put simply, the IP must bypass the proxy.

I know that the line [exclude_hosts ip-of-ceo] must be added to [sarg.conf]

As far as i know, this means that [access.log] is affected by not filtering ip-of-ceo. Or sarg.conf has preference over access.log (?)

QUESTION:

With reference to the webconfigurator gui - (keeping in mind that i have [root] access to it):

- under which heading(menu) would i find the option to add(edit) lines in [sarg.conf] ?

- because i've been through every page in the gui and can not find an option to do this.

- i can exclude a host from the cache, but that does not exclude him from the reports (access.log)

If you say that this can NOT be done through the web gui as mentioned, then my next dilemma would be this:

On the proxy machine itself, I am presented with the console screen having the following options:

MIG console setup
------------------------
0) Logout (SSH only)
1) Assign Interfaces
2) Set LAN IP address
3) Reboot system
4) Halt system
5) Ping host
6) PFtop (firewall state table)
7) Filter logs
Restart webConfigurator

From this point forward, I am clueless and I don't know how to edit whichever files to exclude a host, because I am not familiar with the linux(freebsd) and/or squid commands and directory structure to do so. I am willing to learn and have started reading up on linux commands etc, but at the moment this is matter of urgency and need to get the CEO's IP off the proxy reporting.

Also, I have over a 100 internet client machines in the building, and can therefore not afford to make a mistake which will cause the internet connection to go down - or screw up the proxy completely for that matter.

Please assist me in whichever way you can. Even just point me in the right direction.

I genuinely appreciate you taking the time to read my post.

Thank you kindly.
Regards,
Jamie.

[barriehie]

Should be able to bypass the proxy via the CEO's browser. Otherwise the always_direct directive in the squid.conf file should work but a log entry will still be made. It's been years since FreeBSD and can't remember file locations!

[jamiebond]

Should be able to bypass the proxy via the CEO's browser. Otherwise the always_direct directive in the squid.conf file should work but a log entry will still be made. It's been years since FreeBSD and can't remember file locations!

I don't think you can configure the browser(firefox) on CEO machine to bypass the proxy. Can you ? When I configure the browser to NOT use the proxy, then there is no internet connection.

Please advice.

Thanks again.
Jamie.

[barriehie]

When I'm done with work today I can check out some config options.

[barriehie]

According to the manual the client will have to be configured: Squid 3.0.STABLE25 Configuration File: always_direct

I was thinking something like this would work.

Code:

acl ceo srcdomain "path_to_file/ceo"
always_direct allow ceo

File ceo contains ceo's IP.

[jamiebond]

According to the manual the client will have to be configured: h**p://www(dot)squid-cache.org/Versions/v3/3.0/cfgman/always_direct.html Squid 3.0.STABLE25 Configuration File: always_direct

I was thinking something like this would work.

Code:

acl ceo srcdomain "path_to_file/ceo"
always_direct allow ceo

File ceo contains ceo's IP.

thank you for your reply

if only i could actually do that. ie. edit the .conf files.

please re-read my original post.

on the proxy machine itself i am presented with the following menu - and from there i have no clue.

MIG console setup
------------------------
0) Logout (SSH only)
1) Assign Interfaces
2) Set LAN IP address
3) Reboot system
4) Halt system
5) Ping host
6) PFtop (firewall state table)
7) Filter logs
Restart webConfigurator

----------------------------------------

We are using a webconfigurator gui to manage the proxy/gateway. The interface is very similar to this (h**p://devwiki*pfsense*org/CoreGUI - actually it's exactly the same).

so from my browser i can go to something like....

h**p://192.168.0.2/svc_edit(dot)php?xml=squid.xml&id=0

see attached screenshot(1)

screenshots :

- first screenshot shows MY config page.
- second screenshot from some manual shows the (missing) line i need.

(also, notice the "custom options" box at the bottom of my screenshot - isn't there something we can do there?)

i was thinking in the line of... (see above url)... replacing the [svc_edit.php?xml=squid.xml] part with something else to be able to get to some option where i can exclude the ceo ip.

the biggest problem i have here is that i can not afford to bring the proxy down to reconfigure/reinstall it since this is a large hospital and the proxy needs to be up 24/7 to serve 100+ client machines.

as i've said before, i do have many years experience in IT - just not with linux/squid - and i was thrown in the deep end when the previous admin quit.

any advice would be welcome.

thanks again
regards.

[barriehie]

Is this the product being used for configuration? WebCFG: WebCFG_Start

So, seems like the first thing that needs to happen is get to a prompt on the proxy machine?