Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello,
I observe a strange with my squid since I can manage to block 80 port but unable to stop 443. My squid is config on transparent mode. What I mean is I was testing my server from an other location, in console I use following cmd with my server public IP.
Code:
HTTP_PROXY=x.x.x.8:3128 elinks
and enter website like https://www.paypal.com I was surprise to see it does browse the page. Which it should not do that.
Again, as you were told in that thread, https blocking doesn't work with transparent mode, and not just because of that. Squid is an http proxy...it CAN route https traffic, if you compiled that option in. If you followed any of the suggestions on your old thread, or tried looking on the Squid wiki/website, (or even bothered to try Google), you'd find out how to do it: http://squid-web-proxy-cache.1019090...td3537941.html http://www.cyberciti.biz/tips/linux-...uid-howto.html
There are MANY more options, but try to think about what you're asking. Https is http SECURE...that means, it's designed to stop man-in-the-middle attacks...which is what Squid is, in this context. You can use iptables to redirect things to another port, or block it, but squid won't do it. Try checking the documentation first.
Dear you did not get my point here. What I mean is , people are using my proxy server as open proxy when I test my server with above cmd to test. Ive no issue blocking ssl supported website for my internal clients.
Just curious to know how to prevent outside to use my proxy server.
A properly configured proxy should deny traffic and access from outside of your LAN. My understanding is that this is the default behavior of Squid. You have likely modified the ACL in a manner that is allowing this activity. What have you changed in the ACL rules?
Dear you did not get my point here. What I mean is , people are using my proxy server as open proxy when I test my server with above cmd to test. Ive no issue blocking ssl supported website for my internal clients.
Just curious to know how to prevent outside to use my proxy server.
I didn't get your point, because that's NOT what you asked in your original question. Blocking SSL is a far cry from having external users able to use your proxy server.
As Noway2 said...you must have put rules in to allow this.
Well I've gone through the config it does block . when I use HTTP_PORXY=202.x.x.x:3128 elinks . and I normaly browse http://www.yahoo.com it denied that but when I use with like https://www.paypal.com it bypass , this is really strange anyway thanks for hint I'm gonna have review of config file.
Hello,
Well I've gone through the config it does block . when I use HTTP_PORXY=202.x.x.x:3128 elinks . and I normaly browse http://www.yahoo.com it denied that but when I use with like https://www.paypal.com it bypass , this is really strange anyway thanks for hint I'm gonna have review of config file.
Right....which is what's been explained to you before. HTTP blocking is DIFFERENT than HTTPS blocking. Squid DOES NOT block http, nor does it proxy it, because of what https IS.
Re-reading your replies, you either have a proxy server that's totally open from the outside (see noway2's reply on that), or you can't block https (see mine and other replies in this thread and your other). Which is it?
Just curious to know how to prevent outside to use my proxy server.
Typically, this is done on two layers. The first would be your firewall (iptables rules), and the second would be your Squid configuration (ACLs, listening interface/IP, etc). If you want us to help you get things squared away, post the output of the following commands (run on the Squid box) so that we may understand your current situation:
note: in the link there is the word "Intercept" , don't burn me for this....lol or try to create in your hosts fle a fake 127.0.0.1 .domain.com , the dot before the domain is important
Right...that's why the OP was directed to those solutions early on.
How does Adblock do it?
Kaspersky can also block some Ads and how the do it?
Again, as you were told in the OTHER thread you posted, you CANNOT do this with squid. If you want to know how other, close-source programs do things, then you should ASK THEM, as we don't know.
AGAIN, as you were told before, you can block HTTPS with an IP tables rule, but NOT for just some sites, unless they have static IP addresses. Stop re-opening old threads, if you're not going to be bothered reading what's IN them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.