General :: How To Configure Juniper SSG140 Deny Port 80&443 Except Squid Proxy
Dec 22, 2010
I have just installed Squid proxy. i also use WPAD to deploy policies for all client. Both works well together. Now i want to configure firewall Juniper SSG140 will be deny all request from client to access internet and redirect to Squid. I mean deny HTTP & HTTPS except Squid (port 3128), even i want to all access to internet have to through Squid proxy. I don't expert about the firewall Juniper. May i know step by step configure it.
i have a proxy server up and running but one server using port 8181 cannot be accessed.how i can open that port!...i tried adding it in the safe ports but it still isn't working...
I have got a reverse proxy that is working just fine, it accepts requests on port 443 and port 80 and ONLY sends traffic upstream to port 80 to the apache server listening on localhost. I use the following config:
My problem is the following : The site should act differently in some occasions based on whether http or https was requested. So my idea is to setup second http vhost on apache listening to port 8080 and on that vhost I would server the https code. So is it possible to use SQUID to :
Send traffic destined for port 443 to localhost:8080 and Send traffic destined for port 80 to localhost:80 ?
Here is my network diagram ADSL router----firewall--LAN inside the LAN my squid is running. currently all users are working with out proxy server. I installed the proxy server inside the LAN. now all users can access web browsing ,but no other ports are working , like POP3, smtp, then some other TCP port based applications are not working. My firewall ( juniper) is created and tested the rules to allow the POP3 and smtp and selected poprts which is working , but I redirected through squid proxy server the clients are not able to access. where do I have to create rules?
** in squid proxy( i already did in safe port list stillnot working) ** IP tables?
how-to configure squid proxy server. I still haven't been able to find a solution. I want to set up squid as a open http proxy server. So people from other networks can connect through the proxy without having to login.Do I have to use iptables to reroute http traffic to squids proxy port? I have forwarded the port in my ISP modem so I know thats working, its the squid config that has flaws or iptables locally.
can anyone give me the solution how to configure dansguardian on squid transparent proxy.i m using linux - slackware squid - squid-2.6-stable18 dansguardian - 2.10.1.1
I have configured router(192.168.1.2) to serve only one machine with IP - '192.168.1.6' and set up SQUID proxy on '192.168.1.6'. I have defined some rules(ACL) regarding connections to internet on SQUID proxy.
I changed the Gateway of rest of machine (192.168.1.60 - 192.168.1.69) from '192.168.1.2' to '192.168.1.6'.
The policies which I defined in SQUID is working properly but 'Linux Evolution mail' client is not fetching mails.
Is I have to do any other settings on 'Linux System' or 'Evolution mail client'.
I have encountered a problem using squid, I am currently configuring my squid to deny all http and https except 1 external dst ip address which I will use to connect trough RDP, how can I configure my squid with what I want to accomplish?
I'm trying to use Squid to restrict web access on the computers of my LAN. All of the computers are using static IP address and we use our firewall to deny all HTTP access except for the proxy machine so everyone needs to go through the proxy to access the web.
Most of of the computers have access to websites that are listed on a white list that I called "goodsites". I have a range of IP address that I listed in a file called "super_users". These IP adresses are able to access everything except sites that I have put in a black list called "badsites".
I would like to restrict the use of audio/video streaming for all the IP adresses including the super_users. So far I have been able to effectively block streaming for all the IP addresses except the super_users that are able to bypass this restriction.
Here is the transcript of my squid.conf file:
acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8# RFC1918 possible internal network
I would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
Currently my DHCP Server is working now what i want to have is auto detection of squid proxy in any browser but I still got an error in my dhcp server when I restart it.
My Config:
# DHCP configuration generated by Firestarter ddns-update-style interim; ignore client-updates;
I have a server running both apache2 (default port) and squid (3128 port) I set an squid ACL so my LAN 192.168.1.0 gets filtered. ok all works fine except for external web petitions. When i try to access my web server from the outside, using my public ip, i get a SQUID DENIED. i guess that is because in squid ACL's there is something like: http_access all deny at the end of the file. How can i allow external petitions to my web?
I have to use squid proxy server on fedora14 to develop the application/ software based on the Proxy sever analysing and count number of user and downloaded file size... .My main problems are, I'm not able to configure the access.log file in "Common Logfile Format" and how to develop the application
How to make squid proxy transparent?I have configured a Squid proxy server with some ACLs but we have to check from client side whether those ACLs work or not ,I have to open their firefox and manually enter my machine's i.e. proxy server's ip, only after entering this ip , Those ACLs work properly.But now I want to make it work without manually entering the proxy on clients machine.I guess transparent proxy is the solution, but how to configure it/Please guide me and I am one of the machine in LAN.
i m using centos 5.6 x86 give us guideline if possible, we have squid transparent proxy, the ip is set 10.0.1.85, this is as gateway we enter in window client pc to browse. now we want to block some website so we try below two method does not work, can you check if anything wrong in this, we enter this all starting of file squid.conf.
Using squid, can you proxy the [URL] through the site [URL]. From the end-user perspective they would go to and maintain the [URL] and squid would proxy the application at [URL]. More simply the application available at [URL] would load into the namespace/domain [URL].
