Re: [squid-users] log & deny direct web access

From: Reinhard Haller <[email protected]>
Date: Tue, 02 Oct 2007 15:54:07 +0200

Hi Henrik,

Henrik Nordstrom schrieb:
> On tis, 2007-10-02 at 12:26 +0200, Reinhard Haller wrote:
>
>> Hi,
>>
>> I want to log direct web access over port 80 from misconfigured software
>> update processes etc.
>>
>> The firewall logged a lot of access over port 80, the reverse lookup of
>> the used addresses is almost
>> useless. Therefore I changed the configuration:
>>
>> pf redirects all connect requests for port 80 to port 3128
>>
>> #added to squid.conf
>> http_port 127.0.0.1:3128 transparent
>> acl forwardport myport 3128
>> acl forwardip myip 127.0.0.1/255.255.255.255
>> http_access deny forwardip forwardport
>> # allow access to internet
>> http_access allow our_networks !ebay !useragent
>>
>> Problem: squid 3.0pre6 now works as a perfect transparent proxy.
>>
>
> This is because on intercepted connections myip evaluates to the
> originally requested destination IP, not the IP address of the proxy
> server.
>
> Instead you can use the urlgroup feature to match these requests.
>
> http_port 3128 transparent urlgroup=direct
>
> any requests accepted by this http_port will then have the urlgroup of
> "direct".
>
> Regards
> Henrik
>
urlgroup is not yet ported to 3.0pre6/7

Thanks
Reinhard
Received on Tue Oct 02 2007 - 07:54:52 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:00 MDT