Disable web GUI access when running Squid



  • Hi,

    Does anyone have a solution to disable the web GUI login yet keep port 443 open? Squid's ClamAV blocked page listens on the same port as the web GUI.

    If not it might be a suggestion for product development.


  • Netgate

    System > Advanced.

    Set to HTTPS there, choose an unused, custom port, say 8443, and check Disable webConfigurator redirect rule.

    You will have to access the firewall at https://firewall:8443/, but it will no longer have the potential to interfere with any port 80 or 443 traffic.



  • @derelict

    Hi,

    How would that handle the Squid ClamAV blocked web page that sits on port 443?

    I assume the web server, whether it be Apache or Nginx, listens and creates the process that hosts the web GUI but also the ClamAV blocked page.

    What about changing the ClamAV blocked webpage port number? What are your thoughts?

    Or have I misunderstood your answer?

    Oohhh sorry, just checked the cookbook. If I do as you suggest, that "should" leave port 80 open for ClamAV... I think.

    Let me try... thank you.

    Cheers Chris



  • Hi,

    I've just checked, and as soon as you change the web port from 443, ClamAV stops working. Going to see if the port can be changed.



  • Think I may have a solution: within Squid > ACL you can block 192.168.1.1 (or any RFC 1918 address, as it's a LAN) but permit or "whitelist" part of the Squid/ClamAV URL:

    NOTE: I also added a rule on the LAN interface to block traffic on port 443, just in case.

    [Image: squid-clam-av.PNG]



  • Scratch that,

    ClamAV uses its FQDN, which is allowed to pass the ClamAV whitelist.


 
