Should HTTP traffic be blocked to enable a non-transparent proxy?
Question by computersrmyfriends:
I would like to know if HTTP traffic should be blocked on Linux-based firewalls to enable a non-transparent proxy (i.e. automatic redirection to a login page when a user tries to open any webpage).
P.S.: The firewall I'm using is ENDIAN firewall.
Answer by Mad Dog Laurie
I think you’re more interested in port forwarding than blocking in this case.
Say I've got Squid running on my firewall box and it's accepting connections on port 8080. Web browsers are still going to send requests off to port 80 for HTTP and port 443 for HTTPS requests. It's just the way they work (unless you override it with the :portno at the end of the domain name).
It's the firewall's job to redirect port 80 requests to port 8080 where the proxy is listening, and then the proxy can handle the request on behalf of all the hosts you've got on your LAN.
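The redirect described in the answer above, as an added example that is not part of the original answer: a shell function that prints an iptables-restore ruleset sending LAN traffic for port 80 to a proxy on port 8080. The interface name eth1 and the subnet 192.168.1.0/24 are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not from the original answer. Prints an iptables-restore
# ruleset; nothing is applied to the running firewall.

# True if $1 is a TCP port number (1-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nat_redirect_rules LAN_IF LAN_NET PROXY_PORT
nat_redirect_rules() {
    lan_if=$1; lan_net=$2; proxy_port=$3
    # Reject anything that could smuggle extra tokens into a rule line.
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    case "$lan_net" in
        ''|*[!0-9./]*) echo "bad network: $lan_net" >&2; return 1 ;;
    esac
    valid_port "$proxy_port" || { echo "bad port: $proxy_port" >&2; return 1; }
    cat <<EOF
*nat
# Match only packets arriving on the LAN interface. The proxy's own
# outbound requests are locally generated, never traverse PREROUTING,
# and so cannot loop back into the proxy.
-A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
# Port 443 is left alone: redirecting TLS to a plain HTTP proxy port
# breaks the handshake.
COMMIT
EOF
}

# Constructed sample values: LAN on eth1, 192.168.1.0/24, proxy on 8080.
nat_redirect_rules eth1 192.168.1.0/24 8080
```

The output can be checked with `iptables-restore --test --noflush` before it is loaded. Squid also has to listen on that port in interception mode (`http_port 8080 intercept` in squid.conf).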