Squid block non-proxy user

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












0















I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?










share|improve this question




























    0















    I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?










    share|improve this question


























      0












      0








      0








      I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?










      share|improve this question
















      I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?







      proxy squid






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 29 at 7:14









      Rui F Ribeiro

      40.3k1479136




      40.3k1479136










      asked Jan 29 at 7:00









      PeterPeter

      32




      32




















          1 Answer
          1






          active

          oldest

          votes


















          0














          I don't think you can get squid to do this for you.



          You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.



          The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:



          iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
          iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT


          This will send any traffic destined to those ports to the local system.



          Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.



          On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.



          Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.






          share|improve this answer























          • this is exactly what I want to do. I will try it. thank you

            – Peter
            Jan 29 at 8:15











          • HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks

            – Peter
            Jan 29 at 9:22










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497364%2fsquid-block-non-proxy-user%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          I don't think you can get squid to do this for you.



          You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.



          The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:



          iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
          iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT


          This will send any traffic destined to those ports to the local system.



          Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.



          On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.



          Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.






          share|improve this answer























          • this is exactly what I want to do. I will try it. thank you

            – Peter
            Jan 29 at 8:15











          • HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks

            – Peter
            Jan 29 at 9:22















          0














          I don't think you can get squid to do this for you.



          You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.



          The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:



          iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
          iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT


          This will send any traffic destined to those ports to the local system.



          Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.



          On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.



          Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.






          share|improve this answer























          • this is exactly what I want to do. I will try it. thank you

            – Peter
            Jan 29 at 8:15











          • HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks

            – Peter
            Jan 29 at 9:22













          0












          0








          0







          I don't think you can get squid to do this for you.



          You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.



          The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:



          iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
          iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT


          This will send any traffic destined to those ports to the local system.



          Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.



          On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.



          Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.






          share|improve this answer













          I don't think you can get squid to do this for you.



          You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.



          The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:



          iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
          iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT


          This will send any traffic destined to those ports to the local system.



          Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.



          On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.



          Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jan 29 at 7:46









          wurtelwurtel

          10.5k11526




          10.5k11526












          • this is exactly what I want to do. I will try it. thank you

            – Peter
            Jan 29 at 8:15











          • HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks

            – Peter
            Jan 29 at 9:22

















          • this is exactly what I want to do. I will try it. thank you

            – Peter
            Jan 29 at 8:15











          • HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks

            – Peter
            Jan 29 at 9:22
















          this is exactly what I want to do. I will try it. thank you

          – Peter
          Jan 29 at 8:15





          this is exactly what I want to do. I will try it. thank you

          – Peter
          Jan 29 at 8:15













          HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks

          – Peter
          Jan 29 at 9:22





          HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks

          – Peter
          Jan 29 at 9:22

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497364%2fsquid-block-non-proxy-user%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown






          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?