Relayd as Transparent HTTP Proxy problem

Relayd as Transparent HTTP Proxy problem

Keith-125
I have been trying to get relayd to work as a transparent HTTP proxy on
an old OBSD 4.7 server today but I am having some trouble getting it to
do what I want. The transparent proxy works perfectly but I want to
block access to all websites unless they're on a whitelist in the
relayd.conf file.  We have a squid proxy that all our web traffic should
go through but we also have some apps that just refuse to use a proxy
that we think we could let through the transparent proxy.

http protocol "httpfilter" {
     tcp { nodelay, sack, socket buffer 65536, backlog 1000 }
     return error
     header change "Keep-Alive" to "$TIMEOUT"
     header change "Connection" to "close"

     request header log "Host"
     label "Unauthorised Host please contact support@xxxxxxxx"
     request header expect "undeadly.org" from "Host"
     request header expect "*undeadly.org*" from "Host"

#   label "BAD user agent"
#   request header filter "Mozilla/4.0*" from "User-Agent"
#   request header filter "SomeBrokeBrowser/1.0*" from "User-Agent"

#   label "BAD Host request"
#    request header filter "*youtube.com*" from "Host"
#    request header filter "*myspace.com*" from "Host"
#    request header filter "*facebook.com*" from "Host"
#    request header filter "*bfriends.com*" from "Host"

     request header change "Accept" to "text/html,text/plain;q=0.9,*/*;q=0.8"
     request header change "Accept-Charset" to "ISO-8859-1,utf-8;q=0.9"
     request header change "Accept-Encoding" to "gzip"
     request header change "Accept-Language" to "en-us,en;q=0.9"
     request header change "User-Agent" to "InVis"
}

relay httpproxy {
         listen on 127.0.0.1 port 8080
         protocol "httpfilter"
         forward to nat lookup
}


When the above config is loaded and I visit the undeadly website I just
get the following error.

Forbidden
incomplete request
OpenBSD relayd at 127.0.0.1 port 8080

Can someone help?

Thanks
Keith
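
Added example, not part of Keith's post or of relayd: the two Host patterns from the config above, compared against a stricter exact-or-subdomain check on constructed hostnames. It assumes case-insensitive shell-style glob matching and treats the patterns as alternatives; the function names and sample hosts are illustrative, and this models the allowlist's intent, not relayd's own matching code.

```python
from fnmatch import fnmatchcase

# Host patterns copied from the "httpfilter" protocol in the post.
POST_PATTERNS = ["undeadly.org", "*undeadly.org*"]

def normalize_host(host_header):
    """Lower-case the Host value, drop an optional :port and a trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):              # IPv6 literal such as [::1]:8080
        return host.split("]")[0] + "]"
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def glob_allowed(host_header, patterns):
    """Allow when ANY glob pattern matches (assumed semantics, see lead-in)."""
    host = normalize_host(host_header)
    return any(fnmatchcase(host, p.lower()) for p in patterns)

def strict_allowed(host_header, domains):
    """Allow only a listed domain itself or a true subdomain of it."""
    host = normalize_host(host_header)
    return any(host == d or host.endswith("." + d) for d in domains)

# Constructed Host header values, not taken from the thread.
SAMPLES = [
    "undeadly.org",
    "www.undeadly.org:80",
    "UNDEADLY.ORG.",
    "notundeadly.org",
    "undeadly.org.example.net",
    "example.com",
]

def compare(samples=SAMPLES):
    """Return (host, glob_result, strict_result) for each sample."""
    return [(h, glob_allowed(h, POST_PATTERNS),
             strict_allowed(h, ["undeadly.org"])) for h in samples]

if __name__ == "__main__":
    for host, by_glob, by_strict in compare():
        print(f"{host:28} glob={by_glob!s:5} strict={by_strict}")
```

The leading and trailing `*` in the second pattern accept any Host value that merely contains the string, so an allowlist entry is tighter when it is anchored to the domain and its subdomains.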


Re: Relayd as Transparent HTTP Proxy problem

Philip Guenther-2
On Wed, Feb 6, 2013 at 4:03 PM, Keith <[hidden email]> wrote:
> I have been trying to get relayd to work as a transparent HTTP proxy on an
> old OBSD 4.7 server today but I am having some trouble getting it to do what
> I want. The transparent proxy works perfectly but I want to block access to
> all websites unless they're on a whitelist in the relayd.conf file.  We have
> a squid proxy that all our web traffic should go through but we also have some
> apps that just refuse to use a proxy that we think we could let through the
> transparent proxy.
...
> Can someone help?

There have been *massive* changes in relayd in recent releases...and
you're using a release from almost 3 years ago.

So: set up a new server running 5.2 next to your current one, then
transition everything to it, then give it another shot.


Philip Guenther