4. Squid and Blocked Production Servers

Squid and Blocked Production Servers

  • B

    I activated Squid to enable virus scanning and it seems to work well. I got a call this morning that users on the production terminal server servers cannot access a website any more.

    I have a rule to block all internet access accept for the websites I want to allow on servers. So there is an Alias with the IP address and domain names of sites to allow through.

    Now that the traffic is going through Squid sites that worked before no longer work.

    I checked the logs and saw that my rule to block all internet after the allow rules have been processed was blocking 127.0.0.1:3128.

    If I add 127.0.0.1:3128 to the allow list it opens up access to the whole internet which is not good.

    I tried adding:

    acl local-servers dstdomain my.domain.net
    always_direct allow local-servers

    to Custom ACLS (Before Auth) and that didn't change anything.

    Any ideas?

    0
  • K

    i would not recomend squid to use the virus scan, it takes a lot of resources and for what i saw its not that stable, i had this enabled it gave me issues when a user wanted to hear music though itunes or radio fm online

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy