Forum Discussion

Mike_Rinaldi_77
Aug 20, 2013

Proxy Bypass

We are using the LTM to direct traffic to our proxy servers; it is currently inline with our firewall. We are using the following iRule to bypass the proxy for HTTP. We need to do the same type of thing with HTTPS and FTP but are running into problems. We have tried changing HTTP_REQUEST to CLIENT_ACCEPTED and HTTP::host to URI::host.

 

when HTTP_REQUEST {
  if { [class match [string tolower [HTTP::host]] contains bypass_list] } {
    pool External_gateway
  }
}

 

7 Replies

  • we need to do the same type of thing with HTTPS and FTP but are running into problems.

     

    Isn't it easier to create https (0.0.0.0:443/0) and ftp (0.0.0.0:21/0) virtual servers and set the gateway as a pool?

     

  • We have the 0.0.0.0/443 and 0.0.0.0/21 virtual servers set to our proxy pool; we only want specific sites listed in bypass_list to go to the external gateway.

     

  • Can you try something like this? bypass_ip_list is a destination IP address data group.

    e.g.

    when CLIENT_ACCEPTED {
      if { [class match -- [IP::local_addr] equals bypass_ip_list] } {
        pool External_gateway
      }
    }
    
  • Wouldn't that just create a list of clients that would then be able to bypass the proxy for FTP and HTTPS?

     

  • The most immediate problem, I'm assuming here, is that you're trying to get the HTTP host name inside an encrypted 0.0.0.0:443/0 VIP. You would need to decrypt the SSL to know what it was, and that would be difficult given the wildcard config. Can you differentiate the bypass list by IP address instead?

     

  • wouldn't that just create a list of clients that would then be able to bypass the proxy for FTP and HTTPS?

     

    I thought it is based on destination (not source/client) because in the case of http, you are using HTTP::host.

     

  • uni

    No need to decrypt the packet. This is a transparent proxy, so the client will have resolved the name to the correct address and [IP::local_addr] will be the remote server's IP address per nitass' example.
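Putting nitass' and uni's points together, here is a complete iRule for the two wildcard virtual servers (0.0.0.0:443 and 0.0.0.0:21). This is an added example, not code posted in the thread. Because the VIPs are wildcards and nothing is decrypted, the only thing available at CLIENT_ACCEPTED is the destination address the client already resolved, so the decision is made on [IP::local_addr]; the HTTP_REQUEST / HTTP::host rule from the original post stays on the port-80 virtual server only, since that event needs an HTTP profile and plaintext HTTP. The data group name bypass_ip_list and the pool External_gateway come from the thread; Proxy_pool is an assumed placeholder for the existing proxy pool, and the bypass entries are assumed to be an address-type data group (host addresses or networks).

```tcl
# Added example for the 0.0.0.0:443 and 0.0.0.0:21 wildcard virtual servers.
# Assumptions (not from the thread): "Proxy_pool" is the existing proxy pool,
# "bypass_ip_list" is an address-type data group of destination hosts/networks.
when CLIENT_ACCEPTED {
    # On a wildcard VIP this is the real destination the client connected to,
    # i.e. the address the client resolved for the site (transparent proxy).
    set dst [IP::local_addr]
    set src [IP::client_addr]

    # For address-type data groups, "equals" also matches when $dst falls
    # inside a network entry (e.g. 203.0.113.0/24), so CIDR entries work.
    if { [class match -- $dst equals bypass_ip_list] } {
        # Destination is on the bypass list: send straight to the gateway.
        pool External_gateway
        # Audit trail of who bypassed the proxy and to where; drop or rate-limit
        # this log line once the rule is verified, it fires per connection.
        log local0.info "proxy bypass: $src -> $dst:[TCP::local_port] via External_gateway"
    } else {
        # Everything else keeps going through the proxy.
        pool Proxy_pool
    }
}
```

The match is on the destination, not the client, so the list in bypass_ip_list is the set of remote sites allowed to skip the proxy, which answers the concern raised earlier in the thread. The log line makes the bypass decision visible in /var/log/ltm for verification and for reviewing which destinations actually skip inspection.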