[squid-users] Squid proxy incoming and outcoming connections?

Patrícia Sousa psousadp at gmail.com
Fri Feb 14 10:05:22 UTC 2020


I only configured the machine that has the squid proxy to use it. If I made
a wget from this machine to the another, it denies the request, as desired.
Only the reverse is not taken.

So, it's not possible to configure the http "incoming" connections to my
machine to go through the proxy?

Matus UHLAR - fantomas <uhlar at fantomas.sk> escreveu no dia sexta,
14/02/2020 à(s) 09:41:

> On 13.02.20 16:18, Patrícia Sousa wrote:
> >Enabling debug_options I can see that the wget from the machine computer
> to
> >the Squid machine does not goes through the proxy. Any idea why?
>
> Because you apparently haven't configured anything to use the proxy.
>
> Squid is a proxy, not a firewall, and it does not block connections to your
> machine.
>
> Also, SQUID can only support HTTP and HTTPS connections, not SSH.
>
> SSH and other TCP connections can be tunnelled through proxy, but the
> clients need to be configured to use HTTP proxy, if they support it.
>
>
>
> >Felipe Arturo Polanco <felipeapolanco at gmail.com> escreveu no dia quinta,
> >13/02/2020 à(s) 15:32:
> >> For this, you need to use IPtables to block at the network level.
> >>
> >> SSH uses port 22/tcp but wget uses HTTP, it should have been blocked by
> >> squid.
> >> Enabled debug_options in squid to see why it was allowed.
> >>
> >>
> >>
> >> On Thu, Feb 13, 2020 at 11:10 AM Patrícia Sousa <psousadp at gmail.com>
> >> wrote:
> >>
> >>> I'm using the squid proxy and I'm trying to block some connections
> >>> (incoming and outcoming traffic) from a certain ip address. However,
> for
> >>> example, if I deny all the connections (http_access deny all) it only
> >>> blocks the connections that I made to websites for example, but if I
> use
> >>> another PC and try to ssh or wget the PC that owns the proxy squid, it
> is
> >>> allowed. How can I block the traffic from and to a specific IP or DNS?
> It
> >>> is possible to do this with Squid?
> >>>
> >>> If not, what is the best way to do this?
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> M$ Win's are shit, do not use it !
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200214/6ec60d92/attachment-0001.html>


More information about the squid-users mailing list