I have a non-transparent Squid proxy (v5 running on Ubuntu 20.04) which serves as a gateway from my private network to the internet. In the network there's a victim machine for malware analysis, and some applications on it are configured to use the said proxy (and malware may or may not use the proxy settings). I want to make sure that any requests whose destination domains don't match my whitelist will NOT get out of the network.
So I'm thinking about setting up a DNS server in the same network that checks if the requested domain is in the whitelist and returns the correct IP if it is, or otherwise returns the IP of my INetSim machine (a web server that returns static fake responses). In this way, if the victim host attempts to access any domain that doesn't match my whitelist through the proxy, the proxy requests the DNS server, gets a fake IP (to INetSim) and the request doesn't get out of the network...
EXCEPT that if the requested URL has an IP address in it (like http://3.5.7.9/blabla), Squid just tries to connect to that IP by default, right?
My question is, how do I configure Squid to block those HTTP(S) requests with URLs that directly specify IP addresses? I did some googling but didn't find any answers.
Thanks in advance.
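
The gap described in the question is that a request whose host is already an IP address never triggers a DNS lookup, so the DNS whitelist is never consulted. The following is an added example, not part of the original post: a Python host classifier written in the line-in, `OK`/`ERR`-out style of a Squid external ACL helper. The function name, the assumption that each input line starts with the request host, and the sample hosts are all constructed for illustration.

```python
import ipaddress
import re
import sys

# One inet_aton-style component: decimal/octal digits or 0x-prefixed hex.
_NUMERIC_PART = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def is_ip_literal(host: str) -> bool:
    """Return True if a URL/CONNECT host is an IP address, not a DNS name."""
    h = host.strip().rstrip(".")
    if h.startswith("[") and h.endswith("]"):
        h = h[1:-1]                      # bracketed IPv6, e.g. [2001:db8::1]
    h = h.split("%", 1)[0]               # drop an IPv6 zone id if present
    try:
        ipaddress.ip_address(h)          # canonical IPv4 / IPv6
        return True
    except ValueError:
        pass
    # Legacy numeric spellings (single integer, hex, leading zeros, fewer
    # than four parts). Whether a given proxy or client resolves them is not
    # checked here; they are treated as IP literals so the check fails closed.
    parts = h.split(".")
    return 1 <= len(parts) <= 4 and all(_NUMERIC_PART.fullmatch(p) for p in parts)

def main() -> None:
    # Helper loop: one request per line, host in the first field (assumption).
    # "OK" means the ACL matches (host is an IP literal), "ERR" means it does not.
    for line in sys.stdin:
        fields = line.split()
        host = fields[0] if fields else ""
        sys.stdout.write("OK\n" if is_ip_literal(host) else "ERR\n")
        sys.stdout.flush()               # the proxy waits for each answer

if __name__ == "__main__":
    main()
```

An ACL backed by a helper like this would be used in a deny rule placed ahead of the rules that allow proxy traffic, so IP-literal requests are rejected before any connection attempt.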