Connecting to a site on a non-standard port

July 15, 2011 • Customer Services       
Synopsis

If you are trying to reach an HTTP/S site on a non-standard port, such as https://somesite.com:12345, you are probably receiving an error message from the CensorNet. This article explains how to fix that problem.

Article

Because you are visiting a site on a non-standard port, you first need to modify the Squid configuration. To do this, log into the CensorNet's command line as root and type the following commands:

cd /etc/squid

nano squid.conf

Now that you are editing the file, type

Ctrl-W SSL_ports

You should now find yourself on the first of three lines, as follows:

acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync

Add a line for your port that looks something like this:

acl SSL_ports port 12345 #Our special service

Note: If the port number you are trying to use is in the range 1-1024, you should also follow the next step. So if you have actually added something like

acl SSL_ports port 444 #Our special service

then you should also add a line a bit further down which reads:

acl Safe_ports port 444 #Our special service

Type Ctrl-O to write the file

Type Ctrl-X to exit the editor

At the command line, type

/etc/init.d/squid reload
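The check below is an added example, not CensorNet's or Squid's own code: it confirms that a port is covered by both ACLs edited above, and can be run on the edited file before the reload. The sample configuration is constructed, and its `acl Safe_ports port 1025-65535` line is an assumption taken from Squid's stock squid.conf, which would explain why only ports in the range 1-1024 need the extra Safe_ports line.

```shell
#!/bin/sh
# acl_has_port CONF ACL PORT: succeed if ACL in CONF lists PORT, singly or inside a range.
acl_has_port() {
    awk -v acl="$2" -v port="$3" '
        $1 == "acl" && $2 == acl && $3 == "port" {
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^#/) break              # rest of the line is a comment
                n = split($i, r, "-")             # "444" or "1025-65535"
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit !found }
    ' "$1"
}

# check_port CONF PORT: print "ok", or name the ACLs that still lack the port.
check_port() {
    case "$2" in ''|*[!0-9]*) echo "bad port"; return 2 ;; esac
    missing=""
    for acl in SSL_ports Safe_ports; do
        acl_has_port "$1" "$acl" "$2" || missing="$missing $acl"
    done
    [ -z "$missing" ] && { echo "ok"; return 0; }
    echo "missing:$missing"
    return 1
}

# sample_conf: write a constructed squid.conf fragment and print its path.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 12345 #Our special service
acl SSL_ports port 444 #Our special service
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports (assumed stock line)
EOF
    echo "$f"
}
```

On the appliance the call would be `check_port /etc/squid/squid.conf 12345`. A port reported as missing from SSL_ports or Safe_ports still needs the corresponding acl line.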

Now that Squid has been modified, if you are in the normal Sideways Proxy mode and you have not enabled SSL Intercept Mode, you should enter a URL similar to the following into a Custom URL category that is set to allow:

somesite.tld:12345

There is no need to add such an entry if you have enabled SSL Intercept Mode.

If you are using In-Line mode, then SSL Intercept Mode is enabled. It will also be necessary to add some firewall rules to ensure this non-standard port is redirected to the CensorNet's filtering proxy. Perform the following actions at the command line:

cd /etc/network

chattr -i interfaces

nano interfaces

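Towards the bottom you will probably see some firewall rules. Add rules similar to the following, using your own port number in place of 12345 and the proxy's IP address in place of [PROXY_IP_ADDRESS]: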

pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 12345 -j redirect --redirect-target ACCEPT

pre-up /sbin/iptables -t nat -A PREROUTING -d ! [PROXY_IP_ADDRESS] -p tcp --dport 12345 -j REDIRECT --to-port 8080

Exactly where you place these rules may be important. If in doubt, consult Technical Support.

Once you have finished editing the file you should:

Type Ctrl-O RETURN to write the file

Type Ctrl-X to exit the editor

Back at the command line, type the following to make the file immutable again:

chattr +i interfaces

Now reboot the machine:

reboot

Last modified on Fri, July 15, 2011