On Tue, 2007-10-02 at 12:26 +0200, Reinhard Haller wrote:
> Hi,
>
> I want to log direct web access over port 80 from misconfigured software
> update processes etc.
>
> The firewall logged a lot of access over port 80, the reverse lookup of
> the used addresses is almost useless. Therefore I changed the configuration:
>
> pf redirects all connect requests for port 80 to port 3128
>
> #added to squid.conf
> http_port 127.0.0.1:3128 transparent
> acl forwardport myport 3128
> acl forwardip myip 127.0.0.1/255.255.255.255
> http_access deny forwardip forwardport
> # allow access to internet
> http_access allow our_networks !ebay !useragent
>
> Problem: squid 3.0pre6 now works as a perfect transparent proxy.

This is because on intercepted connections myip evaluates to the originally
requested destination IP, not the IP address of the proxy server.

Instead you can use the urlgroup feature to match these requests.

http_port 3128 transparent urlgroup=direct

Any requests accepted by this http_port will then have the urlgroup of
"direct".

Regards
Henrik
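
Added example, not part of the original message: the quoted rules next to a urlgroup-based version of the same deny. It assumes a Squid build that accepts the `urlgroup=` option on `http_port` and the `urlgroup` ACL type; the ACL name `direct_requests` is made up for this example, and `our_networks`, `ebay` and `useragent` are the poster's ACLs, defined elsewhere in their squid.conf.

```conf
# Before (from the quoted message). On a "transparent" port, myip is the
# destination address the client originally asked for, so this ACL pair
# never matches intercepted traffic and the deny is never applied:
#
#   http_port 127.0.0.1:3128 transparent
#   acl forwardport myport 3128
#   acl forwardip myip 127.0.0.1/255.255.255.255
#   http_access deny forwardip forwardport

# After. Tag every request accepted on the interception port, then match
# on the tag instead of on the local address.
http_port 127.0.0.1:3128 transparent urlgroup=direct

# "direct_requests" is a hypothetical ACL name chosen for this example.
acl direct_requests urlgroup direct

# Must come before the allow rule: http_access is evaluated top-down and
# the first matching line decides.
http_access deny direct_requests

# allow access to internet
http_access allow our_networks !ebay !useragent
```

Denied requests are still written to access.log as TCP_DENIED together with the requested URL, which gives the per-request record of direct port 80 access that the firewall log with reverse lookups could not.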