I'm running a Squid proxy and want to exclude a certain web address that is accessed over a non-standard port from going through the proxy, rather than open the port in an ACL within squid.conf (seems its a specific usage case).
In my case the port in question TCP 2222 (DirectAdmin) over both http:// and https://. I wasn't sure if this was actually possible to do without opening the port itself, but I did find several articles about bypassing URL's with non standard ports with PAC/WPAD. I've tried a ruleset like the one below, which sets a wildcard for the TLD and specific rules for the non-standard port URL.
if (shExpMatch(host, "*.somedomain.com") ||
shExpMatch(url, "http://example.somedomain.com:2222/*") ||
shExpMatch(url, "https://example.somedomain.com:2222/*"))
return "DIRECT";
Using pactester, I am getting the correct response of DIRECT from a rule test
pactester -p /path/to/wpad.dat -u http://example.somedomain.com
DIRECT
pactester -p /path/to/wpad.dat -u http://example.somedomain.com:2222
DIRECT
pactester -p /path/to/wpad.dat -u https://example.somedomain.com:2222
DIRECT
However it appears the request is still being sent through the proxy as I get "Proxy is refusing connections" etc in a web browser. The port itself is not blocked, I can telnet to it, but the Sqiud ACL doesn't have the port allowed. Though this is what I am trying to avoid doing, and surely the DIRECT response means bypass?
Is this actually possible to achieve with a PAC/WPAD with non-standard ports, or their an alternative way to bypass and send directly for this specific case?
Best Answer
Original config
Are you sure this shouldn't be
You might be trying to visit example.somedomain.co.uk but your condition is written for example.somedomain.com and so it keeps hitting the proxy?