[squid-users] Bypassed Proxy

Sameh Onaissi sameh.onaissi at solcv.com
Wed Dec 21 17:14:16 UTC 2016


Hello all,

I have a transparent squid installed on Ubuntu 16.04.

Using squidGuard, I am blocking certain websites, including YouTube.

Anytime a user tries accessing it, he/she is redirected to an access denied page.

Except for ONE user!

One user is somehow able to access YouTube through squid!
That IP is not on the exempt list, and has no special configurations.

access.log:

1482339083.228      0 10.0.0.162 TAG_NONE/503 4459 CONNECT s.youtube.com:443 - HIER_NONE/- text/html
1482339083.324      0 10.0.0.162 TAG_NONE/503 4450 CONNECT s.youtube.com:443 - HIER_NONE/- text/html
1482339083.331      0 10.0.0.162 TAG_NONE/503 4459 CONNECT s.youtube.com:443 - HIER_NONE/- text/html
1482339083.422      0 10.0.0.162 TAG_NONE/503 4459 CONNECT s.youtube.com:443 - HIER_NONE/- text/html
1482339083.436      0 10.0.0.162 TAG_NONE/503 4450 CONNECT s.youtube.com:443 - HIER_NONE/- text/html
1482339083.517      0 10.0.0.162 TAG_NONE/503 4459 CONNECT s.youtube.com:443 - HIER_NONE/- text/html
1482339086.251      0 10.0.0.162 TAG_NONE/503 4450 CONNECT s.youtube.com:443 - HIER_NONE/- text/html

Any other user tries and gets:

1482339588.002    350 10.0.0.40 TCP_MISS/200 611 GET https://www.youtube.com/ - HIER_DIRECT/190.xxx.xxx.xxx text/html

That is the redirect html page.

My deny list where youtube is:

var/lib/squidguard/db/deny/urls has www.youtube.com
var/lib/squidguard/db/deny/domains has youtube.com


Any idea as to how he is doing it?

I can add a rule to specifically deny 10.0.0.162, but I want to know how he is doing it to prevent it for others. Also this is a dynamic IP.

Thank you,
Sam


