
Re: log & deny direct web access


Hi Henrik,

Henrik Nordstrom wrote:
> On Tue, 2007-10-02 at 12:26 +0200, Reinhard Haller wrote:
>> Hi,
>>
>> I want to log direct web access over port 80 from misconfigured software update processes etc.
>>
>> The firewall logged a lot of access over port 80, the reverse lookup of the used addresses is almost
>> useless. Therefore I changed the configuration:
>>
>> pf redirects all connect requests for port 80 to port 3128
>>
>> #added to squid.conf
>> http_port 127.0.0.1:3128 transparent
>> acl forwardport myport 3128
>> acl forwardip myip 127.0.0.1/255.255.255.255
>> http_access deny forwardip forwardport
>> # allow access to internet
>> http_access allow our_networks !ebay !useragent
>>
>> Problem: squid 3.0pre6 now works as a perfect transparent proxy.
>
> This is because on intercepted connections myip evaluates to the
> originally requested destination IP, not the IP address of the proxy
> server.
>
> Instead you can use the urlgroup feature to match these requests.
>
> http_port 3128 transparent urlgroup=direct
>
> any requests accepted by this http_port will then have the urlgroup of
> "direct".
>
> Regards
> Henrik

urlgroup is not yet ported to 3.0pre6/7

Thanks
Reinhard
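
The same idea, matching on the receiving listener rather than on myip, written without urlgroup. This is an added example, not configuration posted by either participant; it assumes a Squid build that supports the `name=` option on `http_port` and the `myportname` ACL type. The listener names, the second port and the log path are made up for illustration.

```conf
# Listener that receives the traffic redirected by pf; give it a name.
# ("direct" is a name chosen for this example.)
http_port 127.0.0.1:3128 transparent name=direct

# Separate listener for clients that are configured to use the proxy
# (port and name are assumptions, not from the thread).
http_port 8080 name=proxy

# Original attempt from the thread: never matches intercepted requests,
# because myip is the originally requested destination IP there.
#   acl forwardip myip 127.0.0.1/255.255.255.255
#   http_access deny forwardip forwardport

# Match on the listener the request arrived on instead.
acl direct_hit myportname direct

# Write the intercepted requests to their own log (example path),
# then refuse them. The logged URL carries the requested host name,
# which is what the firewall log's reverse lookups could not provide.
access_log /var/log/squid/direct.log squid direct_hit
http_access deny direct_hit

# allow access to internet (unchanged from the original post)
http_access allow our_networks !ebay !useragent
```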
