Squid blocking app's web socket to 127.0.0.1?
-
Bump..
-
What are your firewall rules? Looks like it is getting blocked by a rule. Are you forcing your router to be the DNS server? Does this program use a DNS server other than your server?
-
Screenshots attached. I didn't add the block 80-443 rule because I have a machine that needs to bypass the proxy FYI.
-
Depends on what squid mode you are using.
transparent mode - then just add 127.0.0.1 to "bypass proxy for these destination IP"
non-transparent mode - then add this IP address 127.0.0.1 to your PROXY.PAC file or configure your browser to bypass this destination IP address.
-
What code exactly do I use for that?
Here is what I currently have:

function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || shExpMatch(host, "*.local") || isInNet(dnsResolve(host), "192.168.1.0", "255.255.255.0"))
    return "DIRECT";
  if (isInNet(dnsResolve(host), "192.168.2.0", "255.255.255.0")) {
    return "DIRECT";
  }
  return "PROXY 192.168.1.1:3128";
}
-
This could help:
if (isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
    isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
    isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
    isInNet(dnsResolve(host), "169.254.0.0", "255.255.0.0") ||
    isInNet(dnsResolve(host), "240.0.0.0", "240.0.0.0") ||
    isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0")) {
  return "DIRECT";
}
or
if (shExpMatch(host, "*.local") || shExpMatch(host, "*.localhost") || shExpMatch(host, "127.0.0.1")) { return "DIRECT"; }
And I would always use this on top:
// Normalize the URL for pattern matching
url = url.toLowerCase();
host = host.toLowerCase();
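To show how the pieces above fit together, here is a complete PAC file that combines the original poster's rules with the loopback and private-range bypass from this reply. It is an added example, not code from this thread or from pfSense/Squid. Browsers supply isInNet, dnsResolve, shExpMatch and isPlainHostName themselves; the stand-ins and the DNS table below are constructed so the file can be exercised under Node. Note that the comment line must stay on its own line: with the comment and the two assignments on one line, "//" turns the normalization into a comment and it never runs.

```javascript
// Added example (not from the thread): a full PAC file plus constructed
// stand-ins for the PAC helpers so it runs outside a browser.

// Constructed DNS table standing in for the resolver a browser would use.
const FAKE_DNS = {
  "www.example.com": "203.0.113.10",   // TEST-NET-3, constructed
  "intranet.corp": "192.168.2.25",     // on the poster's second LAN
  "fileserver.local": "192.168.1.40",
};

const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function ipToInt(ip) {
  const m = IPV4.exec(ip);
  if (!m) return null;
  return m.slice(1).reduce((acc, o) => acc * 256 + Number(o), 0);
}

// dnsResolve(): IP literals resolve to themselves; unknown names yield null,
// which is what real PAC engines return on a lookup failure.
function dnsResolve(host) {
  if (IPV4.test(host)) return host;
  return Object.prototype.hasOwnProperty.call(FAKE_DNS, host) ? FAKE_DNS[host] : null;
}

// isInNet(): returns false on a failed lookup instead of throwing, so a name
// that does not resolve falls through to the proxy rule rather than breaking
// the whole PAC file. Bitwise ops are int32, but both sides are masked the
// same way, so the comparison stays correct for addresses above 128.0.0.0.
function isInNet(ip, net, mask) {
  const a = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
  if (a === null || n === null || m === null) return false;
  return (a & m) === (n & m);
}

function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

// shExpMatch(): shell-style glob with '*' and '?', anchored to the whole string.
function shExpMatch(str, glob) {
  const re = "^" + glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                       .replace(/\*/g, ".*")
                       .replace(/\?/g, ".") + "$";
  return new RegExp(re).test(str);
}

function FindProxyForURL(url, host) {
  // Normalize first; keep this comment on its own line.
  url = url.toLowerCase();
  host = host.toLowerCase();
  const ip = dnsResolve(host);

  // Never send loopback, localhost or link-local traffic through Squid.
  if (shExpMatch(host, "localhost") || shExpMatch(host, "*.localhost") ||
      isInNet(ip, "127.0.0.0", "255.0.0.0") ||
      isInNet(ip, "169.254.0.0", "255.255.0.0")) {
    return "DIRECT";
  }
  // The poster's existing rules: plain names, *.local and both LANs go direct.
  if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
      isInNet(ip, "192.168.1.0", "255.255.255.0") ||
      isInNet(ip, "192.168.2.0", "255.255.255.0")) {
    return "DIRECT";
  }
  return "PROXY 192.168.1.1:3128";
}
```

Because the host is lowercased before matching, an app that dials "FILESERVER.LOCAL" still hits the "*.local" rule; without the normalization it would be proxied. A name that does not resolve at all gets the proxy, which is the safe default for an unknown destination.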
-
Thanks Nachtfalke, this seems to have worked. I don't see it in my Squid logs anymore. I still see it in the firewall logs but it's not being blocked now.
-
OK, so it's been a couple months and this is still working great except for the firewall log entries. They are taking up about 50% of my log at this point. Do you know how to stop the logging of it?
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:64605 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:64605 127.0.0.1:53 UDP
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:44799 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:44799 127.0.0.1:53 UDP
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:11717 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:11717 127.0.0.1:53 UDP
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:4938 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:4938 127.0.0.1:53 UDP
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:27865 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:27865 127.0.0.1:53 UDP
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:15276 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:15276 127.0.0.1:53 UDP
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:61394 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:61394 127.0.0.1:53 UDP
Sep 2 05:45:03 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:63615 127.0.0.1:53 UDP
Sep 2 05:45:03 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:63615 127.0.0.1:53 UDP
Sep 2 05:45:02 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:58802 127.0.0.1:53 UDP
Sep 2 05:45:02 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:58802 127.0.0.1:53 UDP
Sep 2 05:45:02 lo0 pass IPv4 loopback (1000004761) 127.0.0.1:1871 127.0.0.1:53 UDP
Sep 2 05:45:02 ► lo0 let out anything IPv4 from firewall host itself (1000004765) 127.0.0.1:1871 127.0.0.1:53 UDP
-
Status --> System Logs --> Settings
Disable "Log packets matched from the default pass rules put in the ruleset"
OR
Create a specific firewall rule with destination "127.0.0.1", action=allow, port=any, source=any and disable logging.
So traffic will match this specific rule and will be allowed but not logged.
-
Well, your first suggestion stops all pass logging, it seems. The second suggestion didn't work. I'm guessing since the traffic is on the lo0 interface?