Thank you Amos.
I have the following at squidguard:
default {
pass !porn !adv !drugs !custom any
redirect http://localhost:10080/error.php
}
With this, when squid is in intercept mode the user is "redirected" to the error page. I'm not sure if squidguard is rewriting or redirecting.
With squid in tproxy mode the user gets the squid error page "The Requested URL cannot be retrieved: network unreachable 101 ... "
I did replace this squid error page with my custom one and it can be displayed to the user, though this means that I will not be able to discern connection errors from deny errors.
I would prefer not to do this dirty trick and have a more clean approach.
Attempts to resolve it through routing table hacks were also not successful.
On Sun, May 14, 2017 at 3:16 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 14/05/17 01:59, Abi Askushi wrote:
Hi,
I have set up squid (v 3.1.20) with tproxy and relevant iptables and policy routes. It is functioning ok except one thing, squid is not able to redirect to the deny page (located on the same device) and it gives the error "101 network unreachable". I have squidguard in the setup as a helper program and squidguard is doing the redirection to a page on localhost. With squid in intercept mode this redirection to the deny page is ok. I have also disabled rpfilter in the kernel. I may provide more details on configs if needed.
Did anyone encounter this? Any ideas?
It is not possible to use a global IP address (eg the spoofed client IP) to connect to any machines lo (localhost) interface.
So Squid is not able to perform TPROXY spoofing to fetch the page your SG is *re-writing* (not redirecting) the URL to. If you actually are redirecting then the client cannot connect to the web server running in *its* localhost interface.
PS. please upgrade, no up to date OS releases I'm aware of still ship Squid-3.1.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
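
Added example, not part of the original thread or of Squid/squidGuard: a small check that reads squidGuard `redirect` lines and reports which of the two cases from Amos's reply applies (URL rewrite fetched by Squid, or HTTP redirect followed by the client) and whether the target is a loopback address. It assumes squidGuard's `301:`/`302:` prefix syntax marks an HTTP redirect and that a bare URL is a rewrite; the function names and the second sample target are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the default block quoted in the post.
SAMPLE_CONF = """\
default {
    pass !porn !adv !drugs !custom any
    redirect http://localhost:10080/error.php
}
"""

# "redirect URL" is a rewrite; "redirect 302:URL" asks Squid to send an HTTP redirect.
REDIRECT_RE = re.compile(r"^\s*redirect\s+(?:(30[12]):)?(\S+)", re.MULTILINE)


def is_loopback(host):
    """True for 'localhost' or a literal loopback IP; DNS names are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_redirects(conf_text):
    """Return (mode, host, problem) for every redirect line; problem is None if OK."""
    findings = []
    for match in REDIRECT_RE.finditer(conf_text):
        status, url = match.group(1), match.group(2)
        host = urlsplit(url).hostname or ""
        mode = "redirect" if status else "rewrite"
        if not is_loopback(host):
            problem = None
        elif mode == "rewrite":
            # Squid fetches the page itself, using the spoofed client IP under TPROXY.
            problem = "Squid cannot reach lo from a TPROXY-spoofed client address"
        else:
            # The browser follows the redirect, so localhost means the client machine.
            problem = "client would connect to its own localhost"
        findings.append((mode, host, problem))
    return findings


if __name__ == "__main__":
    for mode, host, problem in check_redirects(SAMPLE_CONF):
        print(f"{mode} -> {host}: {problem or 'ok'}")
    # Constructed variant: HTTP redirect to an address the client can reach.
    print(check_redirects("redirect 302:http://192.0.2.10:10080/error.php\n"))
```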