[squid-users] Squid blocking 192.168.x.x
Matus UHLAR - fantomas
uhlar at fantomas.sk
Fri Sep 27 10:03:28 UTC 2019
>> On 27/09/19 7:56 pm, Martin S wrote:
>> > OK, did that
>> >
>> > # Example rule allowing access from your local networks.
>> > # Adapt localnet in the ACL section to list your (internal) IP networks
>> > # from where browsing should be allowed
>> > http_access allow localnet
>> > http_access allow localhost
>> >
>> > # And finally deny all other access to this proxy
>> > http_access deny all
>> >
>> > I now noticed that it denies access through https.
>Den fre 27 sep. 2019 kl 10:26 skrev Amos Jeffries <squid3 at treenet.co.nz>:
>> What are you seeing that makes yo think that?
>>
>> The config shown with the above change made allows localnet clients to
>> request https:// URLs through the proxy as well as http:// and the other
>> protocols.
On 27.09.19 10:54, Martin S wrote:
>Going to 1http://92.168.0.6:10000 now lets me access the page. However,
>that page requires a https login. So, there is a link to
>https://192.168.0.6:10000
>
>Clicking the link to go to the https site produces "The proxyserver denies
>the connection".
>
>Changing the internet connection to *not* use Squid, then I have no
>problems accessing https://192.168.0.6:10000.
10000 (i assume webmin) is non-standard port from https point of view.
within squid it must be allowed.
acl SSL_ports port 10000
However, if you can connect directly, you should do so (configure web
browser to use direct connections to 192.168.*).
It's possible that CONNECT ports over 1024 will be allowed but this must be
discused and agreed on (unless such discussion was already done in the near
past and the agreement was not made).
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.
More information about the squid-users
mailing list