Squid security
Hello,
I am observing something strange with my Squid: I can manage to block port 80 but am unable to stop 443. My Squid is configured in transparent mode. What I mean is, I was testing my server from another location; in the console I use the following command with my server's public IP.
Code:
HTTP_PROXY=x.x.x.8:3128 elinks
Which it should not do. Any idea how to block this?
Regards
Net_Spy
|
Quote:
http://www.linuxquestions.org/questi...621/page3.html
Again, as you were told in that thread, https blocking doesn't work with transparent mode, and not just because of that. Squid is an http proxy...it CAN route https traffic, if you compiled that option in. If you followed any of the suggestions on your old thread, or tried looking on the Squid wiki/website, (or even bothered to try Google), you'd find out how to do it:
http://squid-web-proxy-cache.1019090...td3537941.html
http://www.cyberciti.biz/tips/linux-...uid-howto.html
There are MANY more options, but try to think about what you're asking. Https is http SECURE...that means, it's designed to stop man-in-the-middle attacks...which is what Squid is, in this context. You can use iptables to redirect things to another port, or block it, but squid won't do it. Try checking the documentation first.
|
Dear, you did not get my point here. What I mean is, people are using my proxy server as an open proxy when I test my server with the above command. I've no issue blocking SSL-supported websites for my internal clients.
Just curious to know how to prevent outside from using my proxy server.
Regards
Net_Spy
|
A properly configured proxy should deny traffic and access from outside of your LAN. My understanding is that this is the default behavior of Squid. You have likely modified the ACL in a manner that is allowing this activity. What have you changed in the ACL rules?
|
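An added illustration of the point above (not code or configuration from this thread): a simplified Python model of how Squid evaluates http_access lines, where the first line whose ACLs all match decides. Both configs are constructed; WEAK is one hypothetical edit that would give the symptom described (plain HTTP denied, CONNECT to 443 allowed from outside), and only src, port and method ACLs are modelled.

```python
import ipaddress

def parse(conf):
    """Collect 'acl' and 'http_access' lines from squid.conf-style text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    """Values inside one ACL are ORed; 'all' is built in and always matches."""
    ip = ipaddress.ip_address(req["src"])
    for kind, values in acls.get(name, []):
        if kind == "src" and any(ip in ipaddress.ip_network(v) for v in values):
            return True
        if kind in ("port", "method") and str(req[kind]) in values:
            return True
    return name == "all"

def decide(conf, req):
    """First http_access line whose ACLs all match (ANDed, '!' negates) wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

# Constructed configs (the poster's squid.conf is never shown in the thread).
ACLS = """acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl CONNECT method CONNECT
"""
WEAK = ACLS + """http_access allow CONNECT SSL_ports  # hypothetical edit: no source check
http_access allow localnet
http_access deny all
"""
FIXED = ACLS + """http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""
# Constructed requests from an address outside localnet (documentation range).
OUTSIDE_HTTP = {"src": "203.0.113.7", "method": "GET", "port": 80}
OUTSIDE_HTTPS = {"src": "203.0.113.7", "method": "CONNECT", "port": 443}
if __name__ == "__main__":
    print([decide(c, r) for c in (WEAK, FIXED) for r in (OUTSIDE_HTTP, OUTSIDE_HTTPS)])
```

With WEAK the outside CONNECT is allowed before any source ACL is consulted; with FIXED it falls through to `deny all`.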
Quote:
As Noway2 said...you must have put rules in to allow this.
|
Hello,
Well, I've gone through the config and it does block. When I use HTTP_PROXY=202.x.x.x:3128 elinks and browse http://www.yahoo.com normally, it denies that, but when I use something like https://www.paypal.com it bypasses. This is really strange. Anyway, thanks for the hint; I'm going to review the config file.
Regards
Net_Spy
|
Quote:
Once again: if you want to block https, try looking at the links/information you've been provided several times, and checking Google. This is a VERY common question, with VERY easily found answers:
http://squid-web-proxy-cache.1019090...td3537941.html
http://www.cyberciti.biz/tips/linux-...uid-howto.html
Re-reading your replies, you either have a proxy server that's totally open from the outside (see Noway2's reply on that), or you can't block https (see mine and other replies in this thread and your other). Which is it?
|
Quote:
Code:
iptables -nvL
Code:
netstat -an --inet | grep LISTEN
Code:
/sbin/ifconfig
Code:
cat /etc/squid/squid.conf | grep -v ^# | grep -v ^$
|
Maybe you can try this:
http://wiki.squid-cache.org/ConfigEx...cept/LinuxDnat
note: in the link there is the word "Intercept", don't burn me for this....lol
Code:
# your proxy IP
or
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT
or try to create in your hosts file a fake 127.0.0.1 .domain.com, the dot before the domain is important
Regards
|
At this point, I ask everyone to withhold further replies until the OP posts the requested output.
|
How does Adblock do it?
Kaspersky can also block some ads, and how do they do it?
|
Quote:
AGAIN, as you were told before, you can block HTTPS with an IP tables rule, but NOT for just some sites, unless they have static IP addresses. Stop re-opening old threads, if you're not going to be bothered reading what's IN them.
|