How do I restrict the proxy from allowing access to local networks?

Started by bimbar, November 10, 2021, 08:38:24 PM

Typically my firewall sits at the center of many local networks. Some of them should be accessible to clients, some of them not.
I can restrict that using the firewall.

But if I enable the web proxy, that circumvents the firewall? How do I prevent clients from accessing otherwise protected internal networks by using the proxy?


Hi,

I have exactly the same problem. As you mentioned, custom ACLs are not available in the GUI, which means that to get this to work correctly, I also have to tamper again with squid.conf??

Thx!
Cheers,
Crissi

Quote from: fabian on November 13, 2021, 06:16:19 PM
Via a custom ACL. That is AFAIK not available in the GUI

Much too complicated IMO

I do that via a FW alias list containing all the local subnets and use that in the NAT rule pointing to squid as inverted destination.

So the allowed source can access all the external addresses via squid, but is not NATed when the destination is a local LAN IP.
(I also put Firehol etc. block lists there)

br
Christian

It should then still be possible to use the proxy explicitly.
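For the custom-ACL route fabian mentions, the fragment below is an added example and not from this thread or from OPNsense's generated configuration. Unlike the inverted-destination NAT rule, which only affects transparently redirected traffic, an http_access deny in squid also applies to clients that point at the proxy explicitly. The subnets are constructed placeholders, and the include location (OPNsense's pre-auth custom-config directory) is an assumption to check against your version.

```conf
# Added example: deny proxy clients access to internal subnets.
# Subnets are constructed placeholders; replace with your protected LANs.
# "dst" matches the resolved destination IP, so a DNS name that resolves to an
# internal address is denied as well, including CONNECT tunnels.
acl protected_lans dst 10.10.0.0/16 10.20.0.0/16 192.168.50.0/24

# Must come before any http_access allow rule: squid evaluates http_access
# top-down and the first matching rule wins. On OPNsense this is why the
# fragment belongs in the pre-auth include directory (assumption).
http_access deny protected_lans

# Optional: write denied requests to their own log so the rule can be audited.
access_log daemon:/var/log/squid/denied.log squid protected_lans
```

After reloading squid, verify from a client on an allowed network that a request to an address in protected_lans through the proxy returns squid's access-denied page and shows up in denied.log, while an external address still works.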



Quote
I do that via a FW alias list containing all the local subnets and use that in the NAT rule pointing to squid as inverted destination.

Hi Christian,
do you just change the redirect traffic rules under NAT Port Forward for this?

Thx!
Cheers,
Crissi