[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now



Posted on 2007-10-01
Medium Priority
Last Modified: 2010-03-17
how to disable proxy in squid 2.6 STABLE10
Question by:askar73
LVL 19

Expert Comment

ID: 19989794
/etc/init.d/squid stop
chkconfig squid off
LVL 13

Expert Comment

ID: 19995373
The whole point of squid is to proxy http traffic.  There is no actual way within squid to stop proxying requests.  Alextoft's solution will do exactly what you need unless you have iptables rules redirecting traffic in which case you will need to delete these rules and put in a masqurade rule.
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 19996229
if you are using transparent caching, then you can just add a rule to your iptables to not forward that source ip to squid:
iptables -I PREROUTING -t nat -s IP.THAT.WILLBE.DIRECT -p tcp --dport 80 -j ACCEPT

if what you do not want is caching but proxy, or whatever else:
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 20003927
I Just want to use squid as a transparent proxy which will authenticate every source ip through my firewall and no one should use proxy setting to by pass the route.In squid 2.4 there is an option called httpd_accel_with_proxy to disable proxy but in squid 2.6 there is no option called httpd_accel_with_proxy.Is there any other way to disable proxy in squid 2.6?!
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 20007935
I remember disabling direct access to squid with
iptables -A PREROUTING -t nat -s localnetwork/24 -p tcp --dport 3128 -j DROP

being before the redirect rule to squid... you could give it a try
LVL 19

Accepted Solution

Gabriel Orozco earned 200 total points
ID: 20243345
Hi askar73

I figured out what you were asking. please check this

the other way I disabled direct connections to the proxy was

#Assuming eth0 is the local interfase:
# disable direct connection to port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j DROP
# now redirecting anything going to port 80 to 3128. it works!
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

that way direct connections do not work, while transparent redirects do. is that what you asked?

Expert Comment

ID: 20521576
Forced accept.

EE Admin

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question