Re: [squid-users] Put all port 80, 443 http https rtmp connections from openvpn through squid?

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Sat, 11 Aug 2012 20:33:35 +0300

On 8/11/2012 8:23 PM, J Webster wrote:
> squid is a http proxy and not rtmp.
>> rtmp uses other ports than 80\443 and cannot be used over squid (you can
>> if it's tcp and you allow CONNECT and unsafe ports which is not safe..
>> and will make the vpn connection vulnerable and maybe useless)
>>
>> if you have a solid reason to do so it can be a nice project to try.
>>
>> a more simple way is to assign dedicated IP for each certificate\client.
>>
>> Regards,
>> Eliezer
>>
> The reason I asked about rtmp is that many sites you access the video
> via the web browser but it sends it back via rtmp.
> So, this is not possible through squid at all?
> However, it is possible in a direct connection. So, can you allow 80,443
> to go through squid but accept the return directly if on rtmp? probably
> not.
rtmp can be used on squid with a big BUT.
since rtmp is a tcp protocol you must allow a CONNECT and destination
ports to be used through the proxy.
but it's not such a safe and good idea to do so.
since the squid box is a router in your case and you will intercept
port 80\443, rtmp will not have any trouble if you do use NAT for
outgoing connections, since rtmp works on other ports than 80 and 443.

>
> So, assign a static IP to a certificate and then have squid log by IP
> address, then have a program match up the ip at the time with the client
> name?
exactly.
squid always logs by ip and can add username, so if you have static ip
you can always match the client ip to a specific user.
if you want to be more "sophisticated" you can use reverse dns to
name the static IPs into user ids so any log software such as
calamaris can show you the used id.

Regards,
Eliezer

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Sat Aug 11 2012 - 17:33:54 MDT
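
The matching step discussed in this thread (static tunnel IP per certificate, then resolving the client address in Squid's log to a client name), as an added example that is not part of the original message. It assumes the static addresses are pinned with OpenVPN `ifconfig-push` lines in per-client config files named after the certificate CN; the client names, addresses and log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed OpenVPN client-config-dir content: file name = certificate CN,
# body pins the tunnel address with ifconfig-push (assumed setup, not from the thread).
CCD_FILES = {
    "alice": "ifconfig-push 10.8.0.10 255.255.255.0\n",
    "bob": "# laptop\nifconfig-push 10.8.0.11 255.255.255.0\n",
}

# Constructed lines in Squid's native access.log format.
ACCESS_LOG = """\
1344706415.101    120 10.8.0.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1344706416.250     35 10.8.0.11 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1344706417.900    410 10.8.0.10 TCP_MISS/200 880 CONNECT example.org:443 - DIRECT/192.0.2.20 -
1344706418.000     12 10.8.0.99 TCP_DENIED/403 1500 GET http://example.net/ - NONE/- text/html
this line is truncated
"""

PUSH_RE = re.compile(r"^\s*ifconfig-push\s+(\d+\.\d+\.\d+\.\d+)\s", re.M)

def ip_to_client(ccd_files):
    """Build {tunnel IP: certificate CN} from ccd file bodies."""
    mapping = {}
    for cn, body in ccd_files.items():
        m = PUSH_RE.search(body)
        if m:
            mapping[m.group(1)] = cn
    return mapping

def usage_by_client(log_text, mapping):
    """Sum requests and bytes per client; unmapped IPs stay visible."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        # native format: time elapsed client code/status bytes method URL ...
        if len(fields) < 7 or not fields[4].isdigit():
            continue  # skip malformed or truncated lines
        client = mapping.get(fields[2], "unknown:" + fields[2])
        totals[client]["requests"] += 1
        totals[client]["bytes"] += int(fields[4])
    return dict(totals)

if __name__ == "__main__":
    report = usage_by_client(ACCESS_LOG, ip_to_client(CCD_FILES))
    for name, t in sorted(report.items()):
        print(f"{name:20} {t['requests']:4} requests {t['bytes']:8} bytes")
```

A tunnel address with no matching client file is reported as `unknown:<ip>` rather than dropped, so traffic from an unassigned address shows up in the report.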
