I have a Squid proxy which currently allows the whole VPC CIDR range against a whitelist file. I want to set up an ACL so that when the proxy client accesses it on port 3128 it applies whitelist1, and on port 3129 whitelist2. Is this possible?
Related
I set up a WireGuard instance in a Docker container and use Nginx Proxy Manager to set up all reverse proxy settings. Now I want the website to be accessible only when I am connected to the VPN.
I tried to add localhost as the forward address and set the "only allow" to the local server IP, but it doesn't work and just displays a "can't connect to server" message in my browser.
Add this to a server block (or a location or http block) in your nginx configuration:
allow IP_ADDRESS_OR_NETWORK; # allow only connections from WireGuard VPN network
deny all; # block the rest of the world
The allowed network has to match your specific WireGuard VPN network. All peer IP addresses which should have access must be part of the network range. Depending on your NAT settings, you should verify the actual IP address or network by checking the access log: tail -f /var/log/nginx/access.log
Be sure to reload your nginx config to apply changes: service nginx reload
See also http://nginx.org/en/docs/http/ngx_http_access_module.html for usage hints on the HTTP access module.
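The check the answer above recommends, as an added example that is not part of the original answer: it reads client addresses from access-log lines and reports which ones an ordered allow/deny list would admit, using the first-match-wins order of the nginx access module. The log lines, the 10.13.13.0/24 VPN range and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample lines in nginx's default "combined" log format.
SAMPLE_LOG = """\
10.13.13.2 - - [12/Mar/2024:10:01:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0"
10.13.13.3 - - [12/Mar/2024:10:01:09 +0000] "GET /admin HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
172.18.0.1 - - [12/Mar/2024:10:02:15 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.50 - - [12/Mar/2024:10:03:44 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
"""

# Same order as the directives in the config; the VPN range is an assumption.
RULES = [("allow", "10.13.13.0/24"), ("deny", "all")]


def decide(client_ip, rules):
    """Return 'allow' or 'deny'; rules are (action, address | CIDR | 'all')."""
    addr = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all":
            return action
        net = ipaddress.ip_network(target, strict=False)
        if addr.version == net.version and addr in net:
            return action  # first matching rule wins
    return "allow"  # no rule matched: the access module does not block


def audit(log_text, rules):
    """Map each distinct client address in the log to its decision."""
    result = {}
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            result[fields[0]] = decide(fields[0], rules)
        except ValueError:
            continue  # first field is not an IP (custom log format)
    return result


if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE_LOG, RULES).items():
        print(f"{ip:15} {verdict}")
```

A denied private address such as the constructed 172.18.0.1 entry is the NAT case the answer mentions: nginx sees the address the connection arrives from, which may not be the peer's VPN address.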
When I use $server_addr in my nginx configuration, it returns "127.0.0.1", but my script needs to know the actual LAN IP of the hosting server for some conditional items. Is there any way to find out the actual LAN IP (such as "192.168.1.32") instead of "127.0.0.1" in nginx?
I configured tinyproxy with multiple ports and WireGuard. I have a server with 2 IPs (bond). Clients send requests to my server, and my server sends requests to another server as a client.
tinyproxy listens on 8888 and 9999. Now, if traffic comes in on port 8888, I want it to use IP 1, and other traffic to use IP 2 (as source IP).
Any idea?
I have a scenario where I need to allow access only from a specific source port. I know how to block access to a destination port, say for example for HTTPS:
acl SSL_ports port 443
http_access deny !Safe_ports
My understanding is that this will ensure that the destination port 443 alone will be serviced. But I'm not able to see any case where a source port can be filtered. Is this possible at all?
I am setting up a Squid proxy for a home network that is on Wi-Fi. I have given static IPs to my desktop machine and laptop at home and I want only these machines to be able to connect to the internet. The Squid ACL I have is
acl home_ws src 192.168.4.1
acl home_laptop src 192.168.4.2
acl google dstdomain google.co.in
http_access allow home_ws
http_access allow home_laptop
http_access allow google
http_port 8080
But when I try to connect to the Squid proxy IP from my laptop, it doesn't work. The same, however, works fine on the desktop. I am using curl for this purpose. The error is curl: (7) couldn't connect to host. This is how I am using the curl command.
curl --proxy 192.168.4.1:8080 www.google.co.in
The ping to my desktop machine (192.168.4.1) is working fine. Am I missing something in squid.conf?