Squid block non-proxy user
Clash Royale CLAN TAG#URR8PPP
I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?
proxy squid
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
asked Jan 29 at 7:00
PeterPeter
32
add a comment |
I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?
proxy squid
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
asked Jan 29 at 7:00
PeterPeter
32
add a comment |
I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?
proxy squid
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
asked Jan 29 at 7:00
PeterPeter
32
I installed squid which is listening on port 3128. Now, I would like to show an error webpage to every user who tries to connect to any http/https webpage and doesnt have proxy set up. What parameter do I need to set up?
proxy squid
proxy squid
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
asked Jan 29 at 7:00
PeterPeter
32
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
asked Jan 29 at 7:00
PeterPeter
32
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
edited Jan 29 at 7:14
Rui F Ribeiro
40.3k1479136
40.3k1479136
asked Jan 29 at 7:00
PeterPeter
32
asked Jan 29 at 7:00
PeterPeter
32
asked Jan 29 at 7:00
PeterPeter
32
32
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I don't think you can get squid to do this for you.
You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.
The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:
iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT
This will send any traffic destined to those ports to the local system.
Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.
On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.
Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
this is exactly what I want to do. I will try it. thank you
– Peter
Jan 29 at 8:15
HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks
– Peter
Jan 29 at 9:22
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497364%2fsquid-block-non-proxy-user%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I don't think you can get squid to do this for you.
You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.
The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:
iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT
This will send any traffic destined to those ports to the local system.
Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.
On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.
Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
this is exactly what I want to do. I will try it. thank you
– Peter
Jan 29 at 8:15
HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks
– Peter
Jan 29 at 9:22
add a comment |
I don't think you can get squid to do this for you.
You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.
The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:
iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT
This will send any traffic destined to those ports to the local system.
Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.
On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.
Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
this is exactly what I want to do. I will try it. thank you
– Peter
Jan 29 at 8:15
HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks
– Peter
Jan 29 at 9:22
add a comment |
I don't think you can get squid to do this for you.
You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.
The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:
iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT
This will send any traffic destined to those ports to the local system.
Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.
On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.
Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
I don't think you can get squid to do this for you.
You need to redirect outgoing http/https traffic on your router to some local webserver that responsd with the given error page no matter what URL is requested.
The redirection is easiest when you have the webserver running on the gateway itself; you can then add rules like this:
iptables -t nat -A PREROUTING -p tcp --dport http -j REDIRECT
iptables -t nat -A PREROUTING -p tcp --dport https -j REDIRECT
This will send any traffic destined to those ports to the local system.
Note that for https traffic the use will get a certificate error, as the certificate used by the local system most certainly will not match the hostname requested.
On the webserver side you can use the index.html page with your message as the 404 error document, so that no matter what URL is requested, that page is served.
Of course the simplest way is just to reject all http/https traffic, the browser will give an error. You can use REJECT with --reject-with adm-prohibited, hopefully the browser will pass this status on to the user.
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
answered Jan 29 at 7:46
wurtelwurtel
10.5k11526
10.5k11526
this is exactly what I want to do. I will try it. thank you
– Peter
Jan 29 at 8:15
HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks
– Peter
Jan 29 at 9:22
add a comment |
this is exactly what I want to do. I will try it. thank you
– Peter
Jan 29 at 8:15
HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks
– Peter
Jan 29 at 9:22
this is exactly what I want to do. I will try it. thank you
– Peter
Jan 29 at 8:15
this is exactly what I want to do. I will try it. thank you
– Peter
Jan 29 at 8:15
HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks
– Peter
Jan 29 at 9:22
HTTP works great, now the question is https :) is there any way how to redirect all 443 traffic to the local error page?thanks
– Peter
Jan 29 at 9:22
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497364%2fsquid-block-non-proxy-user%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
