Re: [squid-users] log & deny direct web access

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 03 Oct 2007 00:15:14 +1300

Reinhard Haller wrote:
> Hi,
>
> I want to log direct web access over port 80 from misconfigured software
> update processes etc.
>
> The firewall logged a lot of access over port 80, the reverse lookup of
> the used addresses is almost useless. Therefore I changed the
> configuration:
>
> pf redirects all connect requests for port 80 to port 3128
>
> #added to squid.conf
> http_port 127.0.0.1:3128 transparent
> acl forwardport myport 3128
> acl forwardip myip 127.0.0.1/255.255.255.255
> http_access deny forwardip forwardport
> # allow access to internet
> http_access allow our_networks !ebay !useragent
>
> Problem: squid 3.0pre6 now works as a perfect transparent proxy.
>
> What's wrong?
>

I'd say you have mistaken the phrase 'redirects all traffic to a local
port' in the REDIRECT documentation as meaning 'localhost port', when in
fact it just means 'a local-machine port'.

Think of the REDIRECT as a diversion making the client request from
squid, not some other machine. The client just doesn't know it.

Amos
Received on Tue Oct 02 2007 - 05:15:18 MDT
