
Can Squid be configured to block URLs that specify an IP address instead of a host name?


I have a non-transparent Squid proxy (v5 running on Ubuntu 20.04) which serves as a gateway from my private network to the internet. In the network there's a victim machine for malware analysis, and some applications on it are configured to use the said proxy (and malware may or may not use the proxy settings). I want to make sure that any requests whose destination domains don't match my whitelist will NOT get out of the network.

So I'm thinking about setting up a DNS server in the same network that checks if the requested domain is in the whitelist and returns the correct IP if it is, or otherwise returns the IP of my INetSim machine (a web server that returns static fake responses). In this way, if the victim host attempts to access any domain that doesn't match my whitelist through the proxy, the proxy requests the DNS server, gets a fake IP (to INetSim) and the request doesn't get out of the network...

EXCEPT that if the requested URL has an IP address in it (like http://3.5.7.9/blabla), Squid just tries to connect to that IP by default, right?

My question is, how do I configure Squid to block those HTTP(S) requests with URLs that directly specify IP addresses? I did some googling but didn't find any answers.

Thanks in advance.
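
A small model of the policy described in the question, as an added example that is not part of the original post and is not Squid configuration: a request whose host is an IP literal is blocked at the proxy, a whitelisted domain is forwarded, and anything else is left to the DNS sinkhole. The whitelist, function names and sample targets are constructed; the check also covers IPv6 literals and the single-number and hex IPv4 spellings that `inet_aton` accepts, which a dotted-quad-only pattern would miss.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed whitelist; the post does not list its domains.
WHITELIST = {"example.com", "updates.example.org"}

def extract_host(target: str) -> str:
    """Host from an absolute URL (http://h/p) or a CONNECT authority (h:443)."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare "host:port"
    host = urlsplit(target).hostname or ""
    return host.rstrip(".").lower()

def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, including inet_aton-style numeric forms."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    try:
        socket.inet_aton(host)  # accepts e.g. "50529033" and "0x03050709"
        return True
    except (OSError, ValueError):
        return False

def decide(target: str) -> str:
    """Return 'block', 'forward' or 'sinkhole' for one request target."""
    host = extract_host(target)
    if not host or is_ip_literal(host):
        return "block"      # no name to resolve, so the DNS whitelist never sees it
    if any(host == d or host.endswith("." + d) for d in WHITELIST):
        return "forward"    # DNS returns the real address
    return "sinkhole"       # DNS returns the INetSim address

# Constructed sample targets; the first is the URL from the post.
SAMPLES = ["http://3.5.7.9/blabla", "3.5.7.9:443", "[2001:db8::1]:443",
           "http://50529033/", "https://www.example.com/a",
           "http://example.com.evil.test/"]

if __name__ == "__main__":
    for t in SAMPLES:
        print(f"{decide(t):8}  {t}")
```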
