LinuxQuestions.org
Old 03-17-2017, 12:28 AM   #1
AshaVipin
Squid configuration on RHEL 6


We have some client servers and a master server. In between them, there is a server (say server A) where squid is installed to act as proxy and firewall.

The client needs to communicate with the master server, and the master needs to communicate with the client.

Client/Master server to Server A connection is through HTTPS 8080
Server A to Client/Master connection is through HTTP & HTTPS 1000

Please let me know if the below configuration in Squid is correct?

acl client src "client IP addrs.txt"
acl master dst "master IP addr.txt"
http_access allow client master

http_port 8080

Do we need to create acl for port number and protocols? Can we use HTTPS in http_access?
 
Old 03-17-2017, 08:36 AM   #2
TB0ne
Quote:
Originally Posted by AshaVipin
We have some client servers and a master server. In between them, there is a server (say server A) where squid is installed to act as proxy and firewall. The client needs to communicate with the master server, and the master needs to communicate with the client.

Client/Master server to Server A connection is through HTTPS 8080
Server A to Client/Master connection is through HTTP & HTTPS 1000

Please let me know if the below configuration in Squid is correct?
Code:
acl client src "client IP addrs.txt"
acl master dst "master IP addr.txt"
http_access allow client master
http_port 8080
Do we need to create acl for port number and protocols? Can we use HTTPS in http_access?
You're omitting some details here. Are these servers for ONE client? Are they on the Internet, or are they internal? Because the way your question reads, it seems they're both on the same network, even though they may be WAN connected. That said, your configuration LOOKS ok, but I'd question the way you're doing the port 8080...https is different than http, and unless you've explicitly compiled squid with https support, you may not have it.
http://wiki.squid-cache.org/Features/HTTPS

There are ways to use iptables to get https traffic to your destination...but if this is for an internal site, or just for ONE client, the easiest thing to do would be to establish a VPN tunnel, which would keep everything on ONE network, and you wouldn't have to go through a proxy. And the quickest way to figure out if this was going to work would have been to just try it, and you'd have had an answer faster than it took you to register here and post.

Last edited by TB0ne; 03-17-2017 at 08:37 AM.
 
1 members found this post helpful.
Old 03-20-2017, 03:16 PM   #3
AshaVipin
Thank you for the reply.
There are many client servers and one master server. Clients and Server A are in one network, the master server is in a different network (internal, not via internet).
Server A's proxy will be configured to receive through HTTPS 8088. On client and master the port used is HTTP & HTTPS port 1000
Do we need to mention the protocol HTTPS in the acl list?
Sorry, we don’t have the servers ready to test currently.
Attached thumbnail: Diagram.PNG


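A fuller version of the configuration asked about in this thread, as an added example that is not part of any post: it allows both directions, pins the destination port to 1000 and ends with an explicit deny. It is written as a standalone fragment rather than an addition to the stock squid.conf, and the file paths, ACL names and certificate paths are assumptions.

```conf
# squid.conf fragment (added example; paths and ACL names are assumptions)

# Proxy listening port. A plain http_port still carries HTTPS: the client
# sends "CONNECT host:1000" and Squid tunnels the TLS bytes unmodified.
http_port 8080
# Encrypting the client-to-proxy hop itself needs a Squid built with SSL
# support and an https_port with a certificate (hypothetical paths):
# https_port 8080 cert=/etc/squid/proxy.pem key=/etc/squid/proxy.key

# One IP address or CIDR range per line in each file.
acl clients      src "/etc/squid/clients.txt"
acl master_src   src "/etc/squid/master.txt"
acl clients_dst  dst "/etc/squid/clients.txt"
acl master_dst   dst "/etc/squid/master.txt"

# Destination port the application listens on (clients and master).
acl app_port port 1000
# HTTPS through a forward proxy arrives as the CONNECT method.
acl CONNECT method CONNECT

# Port 1000 is not in the stock Safe_ports/SSL_ports lists, so the usual
# "deny !Safe_ports" and "deny CONNECT !SSL_ports" rules would reject it.
# Here the lists contain only port 1000.
acl Safe_ports port 1000
acl SSL_ports  port 1000
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# ACLs on one http_access line are ANDed; lines are evaluated top-down
# and the first matching line decides.
http_access allow clients    master_dst  app_port
http_access allow master_src clients_dst app_port

# Nothing else is proxied.
http_access deny all
```

`squid -k parse` checks the file for syntax errors before the service is restarted.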
All times are GMT -5.