Squid proxy ignores squidguard rewrite url, domains and forwards to blocked url (squid 3.5)

I have Squid 3 set up on an Ubuntu server (DISTRIB_RELEASE=18.04), Squid proxy version 3.5.27, with the config below.
When I try to access any URL, for example a porn site that is blocked in the squidGuard blocked domains/URL list, the Squid proxy forwards to the porn site.
I’ve enabled debug logs on the Squid proxy and I could see that this is allowed by the ACL below.
The Squid proxy never redirects the URL to squidGuard.
Am I missing any config to redirect the URL to squidGuard?
I’ve been on this for a whole week, googled, played with install and uninstall, and also copied the shared configs from GitHub; I still see that the Squid proxy never redirects to squidGuard.

Any help on this will be much appreciated.

 acl localnet src 192.168.0.0/16
 http_access allow localnet

My complete config:

acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl to_localnet dst 10.0.0.0/8
acl to_localnet dst 192.168.0.0/24


# standard allowed outbound ports
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl manager proto cache_object
http_access allow localhost manager
http_access deny manager

# allow outbound if from on the Squid host
http_access allow localhost
http_access allow localnet
http_access allow to_localnet
# only allow outbound from the whitelist in /etc/squid/
#acl egress_domains dstdomain "/etc/squid/whitelist"
#http_access allow localnet egress_domains

# allow egress to an IP from the internal network

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.1.138:8888 
http_port 192.168.1.138:8889 intercept

debug_options ALL,1 33,2 33,9

# Caching patterns for squid cache objects
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
# example lin deb packages
#refresh_pattern (.deb|.udeb)$   129600 100% 129600
refresh_pattern .               0       20%     4320

shutdown_lifetime 10 seconds
error_directory /usr/share/squid/errors/en/
error_default_language en

logformat squid-cs %{%Y-%m-%d %H:%M:%S}tl %3tr %>a %Ss/%03>Hs %<st %rm %>ru %un %Sh/%<a %mt "%{User-Agent}>h" "SQUID-CS" %>st %note
access_log /var/log/squid/access.log squid-cs

url_rewrite_children 20 startup=0 idle=1 concurrency=2
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf

sample curl call to test:

   curl -I -XGET  $http_proxy https://www.freexcafe.com/

http://devappserver-api:8888
HTTP/1.1 503 Service Unavailable
Server: squid/3.5.27
Mime-Version: 1.0
Date: Wed, 02 Dec 2020 08:07:14 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3471
X-Squid-Error: ERR_CONNECT_FAIL 111
X-Cache: MISS from devappserver-api
X-Cache-Lookup: MISS from devappserver-api:8888
Via: 1.1 devappserver-api (squid/3.5.27)
Connection: keep-alive

HTTP/1.1 200 Connection established

HTTP/2 200 
server: nginx
date: Wed, 02 Dec 2020 08:07:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.34


access.log:



Acl.cc(138) matches: checking http_access#8
2020/12/02 03:32:29.857 kid1| 28,5| Acl.cc(138) matches: checking all
2020/12/02 03:32:29.857 kid1| 28,9| Ip.cc(95) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 192.168.1.130:55336/(::) ((::):55336)  vs (::)-(::)/(::)
2020/12/02 03:32:29.857 kid1| 28,3| Ip.cc(539) match: aclIpMatchIp: '192.168.1.130:55336' found
2020/12/02 03:32:29.857 kid1| 28,3| Acl.cc(158) matches: checked: all = 1
2020/12/02 03:32:29.857 kid1| 28,3| Acl.cc(158) matches: checked: http_access#8 = 1
2020/12/02 03:32:29.857 kid1| 28,3| InnerNode.cc(97) resumeMatchingAt: checked: http_access = 1
2020/12/02 03:32:29.858 kid1| 28,3| Checklist.cc(63) markFinished: 0x55673fdd4b88 answer ALLOWED for match
2020/12/02 03:32:29.858 kid1| 28,3| Checklist.cc(163) checkCallback: ACLChecklist::checkCallback: 0x55673fdd4b88 answer=ALLOWED
2020/12/02 03:32:29.858 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x55673fdd4b88
2020/12/02 03:32:29.858 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x55673fdd4b88
2020/12/02 03:32:29.858 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffddcf37af0
2020/12/02 03:32:29.858 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffddcf37af0
2020/12/02 03:32:29.858 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffddcf37af0
2020/12/02 03:32:29.858 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffddcf37af0
2020/12/02 03:32:29.858 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffddcf36fe0
2020/12/02 03:32:29.858 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffddcf36fe0
2020/12/02 03:32:30.151 kid1| 33,2| client_side.cc(3370) clientReadRequest: local=192.168.1.138:8888 remote=192.168.1.130:55334 FD 11 flags=1: got flag -1; (104) Connection reset by peer
2020/12/02 03:32:30.152 kid1| 33,2| client_side.cc(832) swanSong: local=192.168.1.138:8888 remote=192.168.1.130:55336 flags=1
2020/12/02 03:32:30.152 kid1| 28,3| Checklist.cc(70) preCheck: 0x7ffddcf37d30 checking fast ACLs
2020/12/02 03:32:30.152 kid1| 28,5| Acl.cc(138) matches: checking access_log /var/log/squid/access.log
2020/12/02 03:32:30.152 kid1| 28,5| Acl.cc(138) matches: checking (access_log /var/log/squid/access.log line)
2020/12/02 03:32:30.152 kid1| 28,3| Acl.cc(158) matches: checked: (access_log /var/log/squid/access.log line) = 1
2020/12/02 03:32:30.152 kid1| 28,3| Acl.cc(158) matches: checked: access_log /var/log/squid/access.log = 1
2020/12/02 03:32:30.152 kid1| 28,3| Checklist.cc(63) markFinished: 0x7ffddcf37d30 answer ALLOWED for match
2020/12/02 03:32:30.152 kid1| 28,4| FilledChecklist.cc(66) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffddcf37d30
2020/12/02 03:32:30.152 kid1| 28,4| Checklist.cc(197) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffddcf37d30
2020/12/02 03:32:30.152 kid1| 33,2| client_side.cc(832) swanSong: local=192.168.1.138:8888 remote=192.168.1.130:55334 flags=1


Moving through a JavaScript array backwards and forwards

I have a text generator where you can choose the direction that we run through array strings. No matter which way you go, it will always loop around to the start.

I’ve figured out a way to change the direction we move through the array with buttons, but now there’s a problem with reversing the process in either direction. When clicking the reverse button after going forwards (and vice versa), there is a delay in the process. It will move one item in the wrong direction before moving through the array in the correct direction. Other than that, it works like a dream. See the snippet below.

var oddprocess = [
    '1',
    '2',
    '3',
    '4',
    '5',
    '',
];


//variables
var processFor = 0;
var counterFor = 1;

var prevProc = document.getElementById('button05');
prevProc.onclick = function() {
    document.getElementById('procDisplay').innerHTML = oddprocess[processFor];
    processFor--;
    if(processFor < 0) processFor = oddprocess.length - 1;
    //counter
    document.getElementById('counter').innerHTML = (counterFor + '&nbsp;/&nbsp;' + (oddprocess.length - 1));
    counterFor--;
    if(counterFor < 0) counterFor = oddprocess.length - 1;
}

var nextProc = document.getElementById('button04');
nextProc.onclick = function() {
    document.getElementById('procDisplay').innerHTML = oddprocess[processFor];
    processFor++;
    if(processFor >= oddprocess.length) processFor = 0;
    //counter
    document.getElementById('counter').innerHTML = (counterFor + '&nbsp;/&nbsp;' + (oddprocess.length - 1));
    counterFor++;
    if(counterFor >= oddprocess.length) counterFor = 0;
}
<div class="cell cell-1">
  <div class="center" id='procDisplay'></div>
</div>
<div class="cell cell-2">
  <button id="button05"><b>Back</b></button>
  <b><font style="color:#000;" id="counter"></font></b>
  <button id="button04"><b>Forth</b></button>
</div>

network – After Zoom install: macOS forwards various requests to localhost

Right on the day I installed (and uninstalled) Zoom, various URLs began to be forwarded to localhost. Like:

$ traceroute -I googleadservices.com

traceroute to googleadservices.com (127.0.0.1), 64 hops max, 72 byte packets
 1  localhost (127.0.0.1)  0.525 ms  0.061 ms  0.054 ms

Other sites and services are affected, too, so I had to grab the IPs behind the domains and hardcode things in the /etc/hosts to be able to work, it looks like this now:

127.0.0.1   localhost
255.255.255.255 broadcasthost
::1             localhost
# Added by Docker Desktop
# To allow the same kube context to work on the host and the container:
127.0.0.1 kubernetes.docker.internal
# End of section

#manual quickfixes:
140.82.113.3    github.com
140.82.118.4    gist.github.com
151.101.52.133  gist.githubusercontent.com
104.28.28.240   coronazaehler.de
172.217.2.106  firebasestorage.googleapis.com
104.26.1.95  myairbridge.com

157.240.18.19 cdn.fbsbx.com
# BEGIN section for OpenVPN Client SSL sites
127.94.0.1  client.openvpn.net
127.94.0.2  openvpn-client.vpn.leondrino.com
# END section for OpenVPN Client SSL sites

Using NordVPN doesn’t change anything, but with TOR I can access everything.
What could be wrong?

Setting up a TCP-SNI proxy that dynamically forwards SSL traffic to any hostname that the SNI might contain

I’m firstly gonna summarize my goal:

I’ll setup a DNS server and configure my smart tv to use it. I’ll set the DNS server up so that requests to specific DNS zones will not actually be resolved, rather the DNS server will return the IP of my proxy server. The proxy server needs to accept any HTTPS request, inspect the SNI, and forward the request to the corresponding host. I cannot statically configure the hosts to which the proxy shall pass the incoming requests, as those hostnames are being “randomly” (= outside of my control) generated in a specific DNS zone.

So far I’ve looked into nginx’s ngx_stream_ssl_preread_module, as well as into HAProxy. So far, I have not found a way to make them proxy pass the traffic to $requesthostname; it seems like you always need to specify backends to which you pass the traffic.

While inspecting HTTPS traffic on my local machine using mitmproxy, I realized that it behaves as I desire, in that it forwards all HTTPS requests to the corresponding hostnames. However, as I cannot install mitmproxy’s CA certificate on my smart tv, I cannot use it for this purpose.

Does anybody know a proxy software that serves my purpose, or a way to configure one of the proxy servers I mentioned in such a way that it behaves in such a manner?

Help is greatly appreciated, thanks in advance

Azure forwards based upon host and not IP

I have a site that exists elsewhere that I am planning on transferring to an Azure VM. The problem is that to test it I am setting the hosts file on my computer to my Azure IP, and Azure is forwarding the requests to the real site. If I open just by IP it works, and if I open a domain that exists nowhere then it also works, but apparently Azure is doing some DNS lookup and forwarding using some NAT before it actually reaches the VM. I might say that it’s only testing, but our plan is to actually set up a reverse proxy (Varnish) locally outside of Azure, so this will be a problem unless I set up some internal fake domain.

2013 – can’t scrub forwards or back on videos on SharePoint

I can’t seem to get video files in SharePoint 2013 to allow you to scrub ahead or back.

This happens if files are in a video library or a normal doc library.

Chrome doesn’t seem to work at all; the video will just play and not let you scrub forward or back.

IE will let you click to where you want, but seems to need to download the whole file up to where you have selected, then will let you jump backward.

Has anyone got some solutions for this?

iptables forwards traffic coming from the openvpn tunnel to lan

The network topology is shown below:

------------------------ 123.45.67.89 (WAN)      ----------------------
|    pfSense           |-------------------------|     Public client  |
------------------------                         ----------------------
         | 10.1.1.1 (tun)
         |
         |
         | 10.1.1.2 (tun)
----------------------- 192.168.0.2 (LAN)   192.168.0.3 (LAN)----------------
|       RPi           | -------------------------------------|  VNC Server  | 
-----------------------                                      ----------------

Scenario:

  1. The public client accesses pfSense on WAN ip and port 5900
  2. PfSense forwards traffic to OpenVPN ip 10.1.1.2:5900 (RPi)
  3. RPi performs SNAT and DNAT and forwards to 192.168.0.3:5900 (VNC server)
  4. The VNC server responds to the source IP, that is, 192.168.0.2
  5. PROBLEM: RPi does not forward the response to pfSense, unless you configure it for all traffic to pass through tun (using routes). However, I would like only VNC server responses, related to VNC traffic, to pass through the tun interface.

Below is the configuration of iptables in RPi

pi@raspberrypi:~ $ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpts:9500:9505 to:192.168.0.3:5900-5905

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  anywhere             anywhere             tcp dpts:5900:5905 to:192.168.0.2

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I thought about putting ip 10.1.1.2 in SNAT, but since the VNC server doesn't know how to route this subnet, I ended up with asymmetric routing.

Below is the routing table that does not work:

pi@raspberrypi:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         speedport-entry 0.0.0.0         UG    202    0        0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0

Below is the working routing table (all traffic goes through tun):

pi@raspberrypi:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.1.1        128.0.0.0       UG    0      0        0 tun0
default         speedport-entry 0.0.0.0         UG    202    0        0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
static.89.67.45 speedport-entry 255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.1.1.1        128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0

Question:
How do I forward the traffic that reaches 192.168.0.2 from the VNC server to tun?

Thank you

nginx – Forwards the IP address with a specific port to the domain

I just configured my first Ubuntu server to run a Python / Flask application on it. It is a hosted server and the static IP address is already being correctly forwarded to my domain www.example.com.

Now I'm trying to access another application (the HTTP supervisor service) that is already running on port 9000 through my domain. But I could not find any working solution for it.

Nginx seems to be an option, but I tried some things without any success. My current Nginx file looks like this:

server {
    listen 80;
    server_name 0.0.0.0;

    location / {
        proxy_pass http://localhost:8000;
        include /etc/nginx/proxy_params;
        proxy_redirect off;
    }

}

Any help would be greatly appreciated! Thank you very much in advance!

mobile: A bot telegram that copies and forwards messages from a chat or group?

I do not know if it's the right community, so if I'm wrong, tell me where I should write …

However, I would like to know if there is a telegram robot that automatically copies and forwards the messages in a chat (in a channel or in a group) and forwards them to another place (in a chat, channel or group).

I ask this because I would like to create a payment bot that sends notifications, so every user who wants to use the bot must pay.
However, I would not want that in the same chat, group, channel where "my bot" is, there is another bot that copies "my messages" and forwards them to another part.

In this way, other users use my service without paying …

htaccess – Configure apache forwards my site to index.php for root

Struggling with the following problem: CPanel in the shared hosting forces the index to be index.php and prohibits any root request, that is, '/'.
I already tried using the htaccess file to override this, without any success.

The general idea is that Ghost blogging runs on a shared hosting and actually everything works, except the context of the index (/) that is being redirected to index.php. I know it is not recommended; unfortunately I really like Ghost but I cannot pay for a VPS or something similar.

I know it is not related to CPanel and the main question is: is it possible to apply some directive in .htaccess that could solve that problem?

Any idea how it can be filed?