How many websites are users complaining do not work with the proxy cache and must be bypassed? We use Mikrotik to redirect to Squid and its very infrequent that a site does not work with it. We had many issues back when we used the older Squid built in 2.9.x but since updating to the newer stable releases virtually no issues for past year. But there is always that rare issue.
Is it possible to do something like: to bypass the transparent proxy tap CTRL-F5 three times in a row and then the source destination pair will be added to an address list for say ~3 hours that is not transparently cached?
At this again. The CTRL-F5 thing just did not work due to multiple will be sent for each object on page so counting them was not possible. So instead I look for someone appending a ?nocache to end of URL. Came up with mangle rules below.
Although I wonder if rather then looking for GET in the outgoing packet to be double sure its an HTTP request I think it might be better to look and make sure POST is not there?
Then add this before your DST-NAT rule that redirects to the web-cache.
/ip firewall nat
add action=accept chain=dstnat comment=“Bypass Sites Accessed With ?nocache” dst-address-list=nocache_dst src-address-list=nocache_src
The biggest problem I have found is persistant connections. After ?nocache is added and the source and destination are in the address lists the proxy will not be instantly bypassed. Either you must wait about 10+ seconds without doing anything for HTTP connection to proxy to time out or close and reopen the browser. Any ideas there?