Make SQUID invisible to unauthorised users

Discussion in 'Server Operation' started by Nap, Feb 21, 2016.

  1. Nap

    Nap Member

    I have Squid installed on my server and set it up so it's only available through an SSH tunnel, and it works fine.
    The problem is that if I make an HTTP request to port 3128 on my server [http://myserver.tld:3128], I get the default Squid error message (Invalid URL). This happens even though the firewall does not allow port 3128, according to the list of open ports I have in ISPConfig.

    I want to stop this behaviour and have my server display a standard 500 error. Ideally I would like the server to ignore port 3128 and have the browser return 'unable to connect', but somehow Squid is bypassing my firewall settings.

    I'm aware that Squid has at least parts of the error messages compiled into its code, which makes the custom error message option a joke. It's like 'hey hacker, I have squid on my server, come and see if you can break in....' (Oh, I'll make it a little harder by not telling you which version I'm running).

    Would anyone be able to shed some light on how to solve this problem?

  2. Nap

    Nap Member

    For some reason, perhaps cache having expired, I now have my 500 Error showing in place of the default Squid error.

    It would be nice if I could make it such that the browser returned 'unable to connect'.
  3. Nap

    Nap Member

    I've changed the port that Squid uses, and now the firewall is allowing incoming traffic on the new port though I haven't touched the Firewall settings in ISPConfig.

    Does Squid automatically create a rule to allow traffic whenever you change the configuration?
  4. Nap

    Nap Member

    Squid is listening on an IPv6 port.

    While investigating this issue, I've realised that I'm using the Bastille firewall, though my ISPConfig -> System -> Server -> Firewall setting is UFW, and all firewall rule changes I perform are done through ISPConfig.
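
An added example, not part of the original thread: a shell check for the situation in the last post, where a proxy meant to be reachable only through an SSH tunnel turns out to be listening on a non-loopback address. The helper name `exposed_listeners` and the sample `ss -ltnH` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners on a given TCP port that are bound to
# anything other than loopback. Input is `ss -ltnH` output on stdin.

# Constructed sample: sshd on all interfaces, a proxy on the IPv6 wildcard,
# and a database bound to loopback only.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 256  [::]:3128      [::]:*
LISTEN 0 80   127.0.0.1:3306 0.0.0.0:*
EOF
}

# exposed_listeners PORT  (hypothetical helper name)
# Prints the local address of every LISTEN socket on PORT that is not
# 127.0.0.0/8 or ::1. Handles "[::]:3128", ":::3128" and "*:3128" forms.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            sock = $4
            n = match(sock, /:[0-9]+$/)      # final ":port" suffix
            if (n == 0) next
            addr = substr(sock, 1, n - 1)
            if (substr(sock, n + 1) != port) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr
        }'
}

# On Linux a wildcard IPv6 socket normally accepts IPv4 connections as well
# (net.ipv6.bindv6only=0), so "[::]:3128" is reachable over both families.
found=$(sample_ss_output | exposed_listeners 3128)
if [ -n "$found" ]; then
    echo "port 3128 is listening on non-loopback address(es): $found"
fi

# Live use on the server: ss -ltnH | exposed_listeners 3128
```

Assuming the SSH tunnel forwards to 127.0.0.1, Squid can be bound to loopback with `http_port 127.0.0.1:3128` in squid.conf, after which this check prints nothing for that port.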
