[squid-users] Squid proxy incoming and outcoming connections?

Felipe Arturo Polanco felipeapolanco at gmail.com
Thu Feb 13 16:29:31 UTC 2020


You only have one port open for Squid:
http_port 3128
You need two ports, one for HTTP and another for HTTPS.
Also, if you are going to block HTTPS based on the domain name, you need to
do sslBump to get the SNI of the destination website and then terminate the
SSL connection.

On Thu, Feb 13, 2020 at 12:26 PM Patrícia Sousa <psousadp at gmail.com> wrote:

> I think so.
>
> Here is the conf file: https://pastebin.com/DKMbwNV6
>
> Felipe Arturo Polanco <felipeapolanco at gmail.com> wrote on Thursday,
> 13/02/2020 at 16:22:
>
>> Did you configure Squid to accept both HTTP and HTTPS ports?
>>
>> Please share your squid.conf file.
>>
>> Thanks,
>>
>> On Thu, Feb 13, 2020 at 12:18 PM Patrícia Sousa <psousadp at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Thanks for the tip,
>>>
>>> Enabling debug_options I can see that the wget from the machine computer
>>> to the Squid machine does not go through the proxy. Any idea why?
>>>
>>> Felipe Arturo Polanco <felipeapolanco at gmail.com> wrote on
>>> Thursday, 13/02/2020 at 15:32:
>>>
>>>> Hi,
>>>>
>>>> For this, you need to use IPtables to block at the network level.
>>>>
>>>> SSH uses port 22/tcp but wget uses HTTP, it should have been blocked by
>>>> squid.
>>>> Enable debug_options in squid to see why it was allowed.
>>>>
>>>>
>>>>
>>>> On Thu, Feb 13, 2020 at 11:10 AM Patrícia Sousa <psousadp at gmail.com>
>>>> wrote:
>>>>
>>>>> I'm using the squid proxy and I'm trying to block some connections
>>>>> (incoming and outgoing traffic) from a certain IP address. However, for
>>>>> example, if I deny all the connections (http_access deny all) it only
>>>>> blocks the connections that I made to websites for example, but if I use
>>>>> another PC and try to ssh or wget the PC that owns the proxy squid, it is
>>>>> allowed. How can I block the traffic from and to a specific IP or DNS? Is
>>>>> it possible to do this with Squid?
>>>>>
>>>>> If not, what is the best way to do this?
>>>>>
>>>>> Thank you.
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at lists.squid-cache.org
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>
>>>>
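
Added example, not part of the original thread: a dry-run shell script that prints, without applying, the two layers discussed above for one host: iptables rules for traffic that never reaches the proxy (SSH, direct wget) and Squid ACLs for requests sent to the proxy port. The function names, ACL names and the address 192.0.2.10 (a documentation address) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emits rules as text only; review them before applying as root.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # reject stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Host firewall layer: applies to every protocol, whether or not it uses Squid.
# If the machine also routes traffic for others, the FORWARD chain needs the same.
firewall_rules() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    echo "iptables -I INPUT -s $1 -j DROP"
    echo "iptables -I OUTPUT -d $1 -j DROP"
}

# Proxy layer: only affects requests that clients send to the Squid port.
# In squid.conf these deny lines must come before any "http_access allow".
squid_rules() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    echo "acl blocked_src src $1"
    echo "acl blocked_dst dst $1"
    echo "http_access deny blocked_src"
    echo "http_access deny blocked_dst"
}

# Constructed sample input.
firewall_rules 192.0.2.10
squid_rules 192.0.2.10
```
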