Netgate Discussion Forum

    Squidguard: Not to allow IP addresses in URL. Port bypassed

    pfSense Packages
      jmarquez

      Hi there.

      I have set up squidGuard not to allow hardcoded IPs in the URL.
      The problem arises if the URL contains a port (ie: 8085). SquidGuard lets traffic through.

      ie: http://80.74.24.123 is blocked.
          http://80.74.24.123:8085 is not blocked.

      Is it possible to block any given IP no matter what the port is?

      Thank you very much in advance.
      jesus

        marcelloc

        Are you using squid in transparent mode?

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

          jmarquez

          I was using squid in transparent mode.

          I thought that the problem was only with https and it had nothing to do with other ports.

          By the way, I'm now using squid in a non-transparent configuration, using wpad to set up clients' browsers.
          According to the howto (http://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid), port 80 needs to be blocked from the LAN interface.
          Should port 443 be blocked too?

          Thank you,
          Jesus

            marcelloc

            @jmarquez:

            According to the howto (http://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid), port 80 needs to be blocked from the LAN interface.
            Should port 443 be blocked too?

            You should change your firewall rules to allow traffic you know and block everything else.

            Users will try to find a way to "jump over" your proxy, the https is just the first step.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

              jmarquez

              Do you mean that ports 443 & 8085 (as shown in my first post) should be blocked?

              I thought squid was taking over every request.

              Thank you,
              Jesus

                marcelloc

                @jmarquez:

                Do you mean that ports 443 & 8085 (as shown in my first post) should be blocked?

                I thought squid was taking over every request.

                Thank you,
                Jesus

                Squid filters what comes to its listening port.

                If the user unselects the proxy settings or runs a browser/tool from a pendrive, this traffic will not go to squid.

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D
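
marcelloc's two points above (allow the traffic you know and block everything else; Squid only filters what reaches its listening port) amount to a default-deny rule set on the LAN interface. The fragment below is an added illustration in pf.conf syntax, not taken from the thread or from the rules pfSense generates; the interface name, addresses and proxy port 3128 (Squid's default) are assumptions, and anything else clients need, such as the host that serves wpad.dat, would need its own pass rule.

```conf
# Assumed values for illustration only; adjust to the real LAN.
lan_if     = "em1"               # LAN interface (assumption)
lan_net    = "192.168.1.0/24"    # LAN subnet (assumption)
proxy_ip   = "192.168.1.1"       # address Squid listens on (assumption)
proxy_port = "3128"              # Squid's default listening port

# Default: drop and log everything arriving from the LAN. This covers
# direct connections to 80, 443, 8085 or any other port, so a client that
# clears its proxy settings gets no path out.
block in log on $lan_if all

# Known traffic 1: clients may talk to the proxy's listening port.
# Every web request then passes through Squid and squidGuard.
pass in quick on $lan_if proto tcp from $lan_net to $proxy_ip port $proxy_port

# Known traffic 2: DNS to the firewall's own resolver.
pass in quick on $lan_if proto { tcp, udp } from $lan_net to $proxy_ip port 53
```

Entries logged by the block rule show which clients are attempting to reach the Internet without going through the proxy.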

                  jmarquez

                  Ok. Now I understand your point.

                  Thank you very much.
                  Jesus
