Squidguard: Not to allow IP addresses in URL. Port bypassed
-
Hi there.
I have setup squidguard not to allow hardcode IP's on the URL.
The ploblem arises if the URL contains a port (ie: 8085). Squidguard lets traffic through.ie: http://80.74.24.123 is blocked.
http://80.74.24.123:8085 is not blocked.Is it possible to block any given IP no matters what the port is?
Thank you very much in advance.
jesus
-
Are you using squid in transparent mode?
-
I was using squid in transparent mode.
I thought that the problem was only with https and it had nothing to do with other ports.
By the way, I'm now using squid in a non-transparent configuration, using wpad to setup clients browser.
According to the howto (http://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid), port 80 needs to be block from LAN interface.
Should port 443 be blocked too?Thank you,
Jesus
-
According to the howto (http://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid), port 80 needs to be block from LAN interface.
Should port 443 be blocked too?You should change your firewall rules to allow traffic you know and block everything else.
Users will try to find a way to "jump over" your proxy, the https is just the first step.
-
Do you mean that ports 443 & 8085 (as shown in my first post) should be blocked?
I though squid was taking over every request.
Thank you,
Jesus
-
Do you mean that ports 443 & 8085 (as shown in my first post) should be blocked?
I though squid was taking over every request.
Thank you,
JesusSquid filter what cames to it's listening port.
If the user unselect the proxy settings o run a browser/tool from pendrive, this traffic will not go to squid.
-
Ok. Now I understand your point.
Thank you very much.
Jesus
