[squid-users] Re: Squid Reverse Proxy. Attempted connections to domains we do not host?

Hi Amos,
 
We did not get a solution to this yet.
 
The work around has been to disable http (port 80) and only run https (port
443) with a firewall in front of the proxy server. This blocked out 100% of
these requests for now but I will need to re-enable it later.
 
How can I disable this open-proxy relaying?

Config:

###
 
visible_hostname domain.com
 
 
https_port 443 accel cert=/usr/newrprgate/CertAuth/cert.cert
key=/usr/newrprgate/CertAuth/key.pem vhost defaultsite=www.domain.com
 
sslproxy_flags DONT_VERIFY_PEER
forwarded_for on
 
#Cache Peer 1
cache_peer one.domain.com parent 443 0 no-query originserver ssl
sslversion=3 connect-timeout=8 connect-fail-limit=2
sslflags=DONT_VERIFY_PEER front-end-https=on name=one login=PASSTHRU
acl sites_one dstdomain one.domain.com
cache_peer_access one allow sites_one
acl http proto http
acl https proto https
 
 
#Cache Peer 2
cache_peer two.domain.com parent 443 0 no-query originserver ssl
sslversion=3 connect-timeout=8 connect-fail-limit=2
sslflags=DONT_VERIFY_PEER front-end-https=on name=two login=PASSTHRU
acl sites_two dstdomain two.domain.com
cache_peer_access two allow sites_two
acl http proto http
acl https proto https
 
http_access allow all
 
header_replace Vary Accept-Encoding
request_header_access All allow all
 
 
###
 
Thanks,
Paul

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Reverse-Proxy-Attempted-connections-to-domains-we-do-not-host-tp4661522p4661988.html
Sent from the Squid - Users mailing list archive at Nabble.com.