Netgate Discussion Forum

    Disable web GUI access when running Squid

    • Mr_JinX

      Hi,

      Does anyone have a solution to disable the web GUI login yet keep port 443 open, as Squid's clam av blocked page listens on the same port as the web GUI?

      If not, it might be a suggestion for product development.

      • Derelict LAYER 8 Netgate

        System > Advanced.

        Set to HTTPS there, choose an unused, custom port, say 8443, and check Disable webConfigurator redirect rule.

        You will have to access the firewall at https://firewall:8443/, but it will no longer have the potential to interfere with any port 80 or 443 traffic.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • Mr_JinX @Derelict

          @derelict

          Hi,

          How would that handle the squid, clam AV blocked web page that sits on port 443?

          I assume the web server, whether it be Apache or Nginx, listens and creates the process that hosts the web GUI but also the clam blocked page.

          What about changing the clam AV blocked webpage port number? What are your thoughts?

          Or have I misunderstood your answer?

          Oohhh sorry, just checked the cookbook; if I do as you suggest, that "should" leave port 80 open for clam av... I think

          Let me try.. thank you

          Cheers Chris

          • Mr_JinX

            Hi,

            I've just checked and as soon as you change the web port from 443 clam av stops working, going to see if the port can be changed.

            • Mr_JinX

              Think I may have a solution: within Squid > ACL you can block 192.168.1.1 (or any RFC 1918 address, as it's a LAN) but permit or "whitelist" part of the squid/clam av URL:

              NOTE: I also added a rule on the LAN interface to block traffic on port 443, just in case

              [Image: squid-clam-av.PNG]

              • Mr_JinX

                scratch that,

                clam av uses its FQDN, which is allowed to pass the clam av white list.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.