I cannot access webmin via squid proxy - squid

I cannot access webmin via the squid proxy.
I have the squid proxy and webmin set up already.
I have hostnames like the following.
・squid proxy hostname
dev-proxy.example
・webmin hostname
dev-proxy.example:10000
I added the following to squid.conf.
# Allow webmin
acl webmin_port port 10000
acl webmin url_regex "/etc/squid/webmin.acl"
http_access allow CONNECT webmin_port localnet
http_access allow CONNECT webmin_port localhost
/etc/squid/webmin.acl has the following URL.
https://dev-proxy.example
I can access webmin without the squid proxy.
However, I cannot access webmin if the squid proxy is set.
Do you have any suggestions for this?
My environment is as follows.
Ubuntu 18.04.4 LTS
SQUID Version 3.5.27
webmin version 1.941
Best regards,

I solved it myself.
I added the following.
acl SSL_ports port 10000

Related

OpenVPN: Route SquidProxy

I am trying to set up a public squid proxy that routes its traffic via a VPN server elsewhere in the world. It's running inside a docker container on a VPS host.
Using the default settings with push gateway, I can access the squidproxy on the VPS itself and it does route its traffic via the VPN.
However, no external IPs can access the squid proxy.
I do have docker forwarding the port 3128:3128.
It is something to do with the OpenVPN routes that are created (as the Squid proxy is accessible until OpenVPN starts).
I found it is this route that seems to "block" my external traffic.
128.0.0.0/1 via 10.91.10.5 dev tun0
(10.91.10.5 is the gateway of the VPN)
If I remove it I can access squid again but then outgoing requests don't use the VPN.
I can make my external IP work by explicitly adding it like so
ip route add 203.X.X.X via 172.18.0.1 dev eth0
(172.18.0.1 is the docker gateway)
But I need it to work with any external IPs.
I have tried ip route add 0.0.0.0 via 172.18.0.1 dev eth0.
But this doesn't work as 128.0.0.0/1 is more specific so matches first.
In conclusion
1) Need any IP to access the SquidProxy (port 3128)
2) Need all outgoing SquidProxy requests (80,443) to go via the VPN
Any help would be greatly appreciated!
UPDATE:
So I have this working
1) Start OpenVPN with the below command
openvpn --route-nopull --script-security 2 --up /etc/openvpn/up.sh
This stops it from setting up the VPN routes, so all traffic in and out uses the default route, not the VPN.
2) In the up.sh, I run the below commands
#!/bin/sh
/sbin/ip route add 0.0.0.0/0 dev $1 table 100
/sbin/ip rule add from all fwmark 1 table 100
/sbin/iptables -A OUTPUT -t mangle -p tcp -m multiport --dports 80,443 -j MARK --set-mark 1
/sbin/iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE
I have then setup Squid to only allow ports 80 & 443. Docker has port 3128 open for access to the container.
I also needed to use --sysctl net.ipv4.conf.all.rp_filter=0 in the docker run command.
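Added example, not part of the original post: a small Python model of the route lookups described above, showing why replies to an external client leave via tun0 once 128.0.0.0/1 is installed and what the fwmark policy routing in the UPDATE changes. The client and web-server addresses are constructed stand-ins, and only the routes quoted in the post plus a Docker default route are modelled.

```python
import ipaddress

MARKED_DPORTS = {80, 443}   # from the post's mangle rule: --dports 80,443 -> mark 1

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), dev) for prefix, dev in table
            if addr in ipaddress.ip_network(prefix)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def egress(tables, fwmark_rules, dst, dport):
    """Device a locally generated packet leaves on, honouring fwmark rules."""
    mark = 1 if dport in MARKED_DPORTS else 0
    for rule_mark, table_name in fwmark_rules:   # consulted before 'main'
        if mark == rule_mark:
            dev = lookup(tables[table_name], dst)
            if dev:
                return dev
    return lookup(tables["main"], dst)

# Constructed addresses: 203.0.113.7 stands in for the post's 203.X.X.X client,
# 198.51.100.10 for a web server Squid fetches from.
CLIENT, WEB = "203.0.113.7", "198.51.100.10"
DOCKER = [("0.0.0.0/0", "eth0"), ("172.18.0.0/16", "eth0")]

# 1) Route installed by the VPN: main table only, no marks in play.
PUSHED = {"main": DOCKER + [("128.0.0.0/1", "tun0")]}
# 2) The single-client workaround: a /32 is more specific than the /1.
HOST_ROUTE = {"main": PUSHED["main"] + [(CLIENT + "/32", "eth0")]}
# 3) The UPDATE: --route-nopull, table 100 default via tun0, fwmark 1 -> table 100.
POLICY = {"main": DOCKER, "100": [("0.0.0.0/0", "tun0")]}
RULES = [(1, "100")]

def summary():
    return {
        "pushed_reply": egress(PUSHED, [], CLIENT, 51000),       # reply to client
        "hostroute_reply": egress(HOST_ROUTE, [], CLIENT, 51000),
        "policy_reply": egress(POLICY, RULES, CLIENT, 51000),
        "policy_fetch": egress(POLICY, RULES, WEB, 443),         # Squid's outbound fetch
        "policy_dns": egress(POLICY, RULES, WEB, 53),            # port 53 is never marked
    }

print(summary())
```

Port 53 is never marked, so under the UPDATE's rules name lookups made from the container leave via eth0 rather than the VPN.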

Issue in configuring squid as HTTP and HTTPS transparent proxy

I am doing R&D to configure Squid as HTTP and HTTPS Transparent proxy.
After some research I have configured squid as an HTTP and HTTPS transparent proxy and tried to start squid, but unluckily I am getting a fatal error when squid starts.
Here is more description of my issue:
Issue Description: I have installed and configured Squid 3.3.4 on a Debian machine. To enable squid as an HTTPS transparent proxy I used a publicly signed certificate (from Godaddy) and configured it in the squid.conf file. Once the configuration was done I tried to start squid, but while starting it I am getting the following error.
Error: FATAL: No valid signing SSL certificate configured for
https_port 0.0.0.0:3129
Squid Cache (Version 3.3.4): Terminated abnormally.
CPU Usage: 0.020 seconds = 0.000 user + 0.020 sys
Maximum Resident Size: 22416 KB
Page faults with physical i/o: 3
failed!
Note: The certificate and private key (which are configured in squid.conf) have been converted from a tomcat keystore (Godaddy certificate) file.
Squid version: 3.3.4
Someone please help me with the issue.
Here is HTTPS transparent proxy configuration in squid.conf:
http_port 3127
http_port 3128 intercept
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/cert/squidtrans.pem
key=/etc/squid3/cert/squidtrans.key
ssl_bump server-first all
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1
Thanks in Advance.

squid proxy from localhost configs

I'm trying to give a remote machine (that I can ssh to) access to the internet through my local machine.
Currently, I've set up a squid server locally, with the intent of using a reverse tunnel a la http://ubuntuforums.org/showthread.php?t=1765935
Unfortunately, I can't seem to get the local proxy to work, on account of ignorance of how proxy-ing works.
Currently:
squid3 proxy running locally port 3128. $nmap localhost confirms: 3128/tcp open squid-http
iptables set to allow access to port 3128 only from localhost: https://serverfault.com/questions/247176/iptables-only-allow-localhost-access
squid conf unaltered.
testing locally: $export http_proxy=localhost:3128
testing locally: $lynx google.com
failure.
Any thoughts?
Try adding:
$export https_proxy=localhost:3128
$lynx google.com
Google redirects to https.

Squid refuses all websites when creating proxy server

So I'm trying to create a proxy server for my crawler to use, and I'm unsure about why I'm getting denied from even myself. When I go to any website in a browser, on the computer that I've installed Squid and everything on, it's giving me the following error message:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.whatismyipaddress.com/
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is webmaster.
Generated Sun, 08 Nov 2015 04:03:13 GMT by WIN-AIUOBK0JHPA (squid/2.7.STABLE8)
I've edited my LAN settings in Internet Options to allow for a proxy server at the correct IP address (IPv4 when I run ipconfig), gave it the correct port to open up to, and I've also opened up the port in my Windows Firewall.
Below are segments of my squid.conf file:
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localhost src 192.168.1.0/255.255.255.255
http_access allow localhost
(skip through some commented out segments....)
http_access allow manager localhost
http_access allow localnet
As you can tell, I've stripped out a lot of unnecessary commented parts. Down lower, I have my...
http_port ####
...line.
I have no idea why I'm getting blocked out. I will be constantly refreshing, so if you need any more information or have any questions, please let me know. Thank you so much!!
Your config should look somewhat like the below:
http_access allow localhost
http_access allow localnet
# And finally deny all other access to this proxy
http_access deny all
And remove the following line from your config:
acl localhost src 192.168.1.0/255.255.255.255
localhost need not be specified as an ACL; it's just for accessing localhost pages. You have mixed up localhost with localnet; modify that line like below:
acl localnet src 192.168.1.0/255.255.255.255
Your LAN clients' local IPs that hit the proxy should belong to the above-mentioned src range, or modify the range as you require. All other requests from other IPs will be denied.
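Added example (not from any poster on this page): a minimal Python model of Squid's http_access evaluation that reproduces both the webmin CONNECT denial in the first question and the 192.168.1.0/255.255.255.255 denial in this thread. It assumes the stock `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports` lines sit above the webmin rules; the localnet range and client address are constructed.

```python
import ipaddress

def parse(conf):
    """Collect acl definitions and http_access lines from a squid.conf fragment."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:            # acl NAME TYPE VALUE...
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
        elif tok[:1] == ["http_access"]:  # http_access allow|deny [!]NAME...
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(values, req):
    """Values of one ACL are OR-ed: any single hit makes the ACL match."""
    for kind, val in values:
        lo, _, hi = val.partition("-")    # only meaningful for port ranges
        if ((kind == "src" and ipaddress.ip_address(req["src"])
                in ipaddress.ip_network(val, strict=False))
                or (kind == "method" and req["method"] == val)
                or (kind == "port" and int(lo) <= req["port"] <= int(hi or lo))):
            return True
    return False

def decide(conf, req):
    """ACLs on one http_access line are AND-ed; the first matching line wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls.get(n.lstrip("!"), []), req) != n.startswith("!")
               for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed samples: assumed stock default lines, then each question's own lines.
WEBMIN = """acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 443 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl webmin_port port 10000
http_access allow CONNECT webmin_port localnet"""
FIXED = "acl SSL_ports port 10000\n" + WEBMIN
NARROW = "acl localhost src 192.168.1.0/255.255.255.255\nhttp_access allow localhost\n"
WIDE = NARROW.replace("255.255.255.255", "255.255.255.0")
WEBMIN_REQ = {"src": "192.168.1.50", "method": "CONNECT", "port": 10000}
LAN_GET = {"src": "192.168.1.50", "method": "GET", "port": 80}
for name, conf in (("webmin", WEBMIN), ("webmin + SSL_ports 10000", FIXED)):
    print(name, "->", decide(conf, WEBMIN_REQ))
```

The `WIDE` variant (netmask 255.255.255.0) is a constructed comparison; with the 255.255.255.255 mask the ACL matches only the single address 192.168.1.0.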
I just got rid of all the default config and used the following:
# cat /etc/squid/squid.conf
http_port 3128
acl vpc_no_internet src 10.130.0.0/255.255.0.0
http_access allow vpc_no_internet
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
Note: The above config allows access for the specified subnet only.
I had a similar situation and the solution was to use the following commands:
unset https_proxy
unset http_proxy
unset ftp_proxy
I placed these into a script to run every time I logged in to my server.
This may not be the correct solution for you but it worked in my situation as I wasn't using the proxy and was connecting via vpn.
The only reason I am posting this is I haven't seen this answer posted anywhere else. As usual, YMMV.

How to do port forward on a VPS?

I have a VPS on Ubuntu 13.10 x86_64; it has a:
public IP: say 1.1.1.1
private IP: 198.168.1.33
and I want to redirect all my incoming traffic to port 443 to my private IP 198.168.1.33
I have only SSH access to the server, can anyone tell me the command to do it? Thx.
The easiest way would be to use Apache and either
Set up a virtual host - see Examples
OR
Use Apache Proxy
