Squid Reverse Proxy

  • Hello all, I have made it to configure the Squid Reverse Proxy and made it work, HTTP so far, but going to make it working with HTTPS.

    My main question is security, the ideia is this. I what it to map my WAN interface to my DMZ zone, so I did this:

    • Activated Squid Reverse Proxy

    • Mapped port 80

    • Added the server and the mapping

    • Added a rule to WAN to allow pass on port 80

    Question, is this safe? Opening the port 80? If someone makes a port scan to my IP and scans port 80, will squid block because the DNS does not match?

    Second Question.
    I whant the DNS to be avauleble on the LAN side as well, so I did this:

    • Added a DNS Host Overrides on DNS Resolver to my interface on the DMZ Network

    This works, but I had to Disable DNS Rebinding Checks, not fun of that, but I was not able to make it work other way.

    So with this configuration if I acess my DNS from outside, the firewall lets pass traffic on the port 80 to the Reverse Proxy, the reverse proxy maps it to my DMZ service on the DMZ network. If I access it from inside my home, the DNS Resolver changes the DNS IP to my DMZ network, the traffic goes to the Reverse proxy, and by there mapped to the according DMZ service.

    Is this secure? Or by doing this I'm asking for problems or possible attacks?

    Thank You all

  • Ok, I have HTTPS Reverse Proxy working, I get a valid ssl connection to my services that are being handled by the Proxy.

    Adding a new question to the previews post. I can see a valid ssl connection to my service in chrome, but this is the connection between my pc and the proxy correct? How can I validate that the proxy is making a valid ssl connection with the service?

    Thank You

Log in to reply