Webproxy -- acl safe ports

emb3dd3d · October 1, 2018, 10:08pm

Hi… I am using webproxy in non transparent mode(not a big diff)… but I have an issue… I have SSL sites that we access that arent on standard SSL port … ie 8443, 8444… after diving through some settings I tried adding as proxy-bypass ipaddx but I have no luck… so I looked at the low level squid.conf and see that the acl_safe_ports are locked down to specific ports. Is there a command or workaround for adding the safe port to the webproxy without manually modifying the .conf and adjusting the vyatta-update-webproxy.pl script?

I will take a closer look at my bypass urls… and play around a little bit more. If you have any ideas, I would appreciate them.

Thankx

c-po · October 2, 2018, 7:55am

Hi @emb3dd3d there is yet no way to tune the acl Safe_ports value through the VyOS CLI.

You should either patch your vyatta-update-webproxy.pl (workaround) or better, submit a GitHub Pull Request implementing this functionality.

Please note: modified files won’t survive a system update.

emb3dd3d · October 2, 2018, 3:40pm

yes… I anticipated that answer… ok… well . I will do my thing… and hopefully not have to update the image too much…

Thanks again… I will try to get time to add to the Feature Request when I get a chance.

zsdc · October 2, 2018, 6:46pm

Or, if you want to your modification to survive during system updates, you can use system event-handler and script, that will be modify /etc/squid3/squid.conf and restart service every time when squid is started.

emb3dd3d · October 2, 2018, 7:38pm

great thought… I hadn’t used that option on any of my installs as of yet. Will give it a shot… I did patch the vyatta-update-webproxy.pl which will work well until i get to play with the event-handler… Thanks for that catch!