Re: log & deny direct web access

On Tue, 2007-10-02 at 12:26 +0200, Reinhard Haller wrote:
> Hi,
> 
> I want to log direct web access over port 80 from misconfigured software 
> update processes etc.
> 
> The firewall logged a lot of access over port 80, the reverse lookup of 
> the used addresses is almost
> useless. Therefore I changed the configuration:
> 
> pf redirects all connect requests for port 80 to port 3128
> 
> #added to squid.conf
> http_port 127.0.0.1:3128 transparent
> acl forwardport myport 3128
> acl forwardip myip 127.0.0.1/255.255.255.255
> http_access deny forwardip forwardport
> # allow access to internet
> http_access allow our_networks !ebay !useragent
> 
> Problem: squid 3.0pre6 now works as a perfect transparent proxy.

This is because on intercepted connections myip evaluates to the
originally requested destination IP, not the IP address of the proxy
server.

Instead you can use the urlgroup feature to match these requests.

http_port 3128 transparent urlgroup=direct

Any requests accepted by this http_port will then have the urlgroup of
"direct".

Regards
Henrik
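
The rule set this suggestion leads to, written out as an added example that is not part of the original thread. It assumes a Squid build that provides both the `urlgroup=` http_port option and the matching `urlgroup` ACL type (documented for Squid 2.6; check the squid.conf.documented of your version). The ACL name `direct_requests` and the log path are assumptions; `our_networks`, `ebay` and `useragent` are the poster's existing ACLs.

```conf
# Added example, not from the original thread.
# Assumes the urlgroup http_port option and urlgroup ACL type (Squid 2.6).

# Listener that pf redirects port 80 traffic to; every request accepted
# here is tagged with the urlgroup "direct". Clients that are configured
# to use the proxy must connect to a different http_port without this tag.
http_port 3128 transparent urlgroup=direct

# Does not work on intercepted connections: myip evaluates to the
# originally requested destination IP, so this never matches 127.0.0.1.
#acl forwardip myip 127.0.0.1/255.255.255.255
#http_access deny forwardip forwardport

# Match on the listener's tag instead (ACL name is an assumption).
acl direct_requests urlgroup direct

# Record the intercepted requests in their own log (path is an assumption),
# so misconfigured clients can be identified by client IP and requested URL.
access_log /var/log/squid/direct.log squid direct_requests

# The deny must come before the general allow rule; first match wins.
http_access deny direct_requests
# allow access to internet
http_access allow our_networks !ebay !useragent
```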
