Re: [squid-users] log & deny direct web access

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 02 Oct 2007 13:33:26 +0200

On tis, 2007-10-02 at 12:26 +0200, Reinhard Haller wrote:
> Hi,
>
> I want to log direct web access over port 80 from misconfigured software
> update processes etc.
>
> The firewall logged a lot of access over port 80, the reverse lookup of
> the used addresses is almost useless. Therefore I changed the configuration:
>
> pf redirects all connect requests for port 80 to port 3128
>
> #added to squid.conf
> http_port 127.0.0.1:3128 transparent
> acl forwardport myport 3128
> acl forwardip myip 127.0.0.1/255.255.255.255
> http_access deny forwardip forwardport
> # allow access to internet
> http_access allow our_networks !ebay !useragent
>
> Problem: squid 3.0pre6 now works as a perfect transparent proxy.

This is because on intercepted connections myip evaluates to the
originally requested destination IP, not the IP address of the proxy
server.

Instead you can use the urlgroup feature to match these requests.

http_port 3128 transparent urlgroup=direct

Any requests accepted by this http_port will then have the urlgroup of
"direct".

Regards
Henrik
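Worked squid.conf fragment following the suggestion above (an added example, not part of the original thread or of the Squid distribution). It assumes a Squid build that supports the urlgroup= option on http_port and the matching "urlgroup" ACL type; the existing, non-intercepting http_port used by explicitly configured browsers is assumed to stay as it is and is not shown.

```conf
# Added example, not from the original thread.  Assumes the running Squid
# supports "urlgroup=" on http_port and the "urlgroup" ACL type.

# pf redirects port-80 connections here.  The listener stays on loopback
# (as in the original config) so only pf-redirected traffic can reach it,
# and every request accepted on it is tagged with urlgroup "direct".
http_port 127.0.0.1:3128 transparent urlgroup=direct

# Match on the tag, not on myip/myport: on intercepted connections those
# reflect the originally requested destination, not the proxy itself,
# which is why the original forwardip/forwardport ACLs never matched.
acl direct_web urlgroup direct

# Deny the intercepted requests before the general allow rule.  Denied
# requests are still written to access.log (TCP_DENIED/403) with the client
# address and URL, which is what identifies the misconfigured software.
http_access deny direct_web
http_access allow our_networks !ebay !useragent
http_access deny all
```

Because the deny comes first and applies only to requests tagged by the intercepting port, the existing explicit-proxy rules are unaffected, and grepping access.log for TCP_DENIED entries whose client address is a server or workstation that should be using the proxy gives the list the firewall logs could not.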

Received on Tue Oct 02 2007 - 05:33:31 MDT
