I have been trying to get relayd to work as a transparent HTTP proxy on
an old OBSD 4.7 server today but I am having some trouble getting it to
do what I want. The transparent proxy works perfectly but I want to
block access to all websites unless they're on a whitelist in the
relayd.conf file. We have a squid proxy that all our web traffic should
go through but we also have some apps that just refuse to use a proxy
that we think we could let through the transparent proxy.

http protocol "httpfilter" {
        tcp { nodelay, sack, socket buffer 65536, backlog 1000 }
        return error
        header change "Keep-Alive" to "$TIMEOUT"
        header change "Connection" to "close"
        request header log "Host"
        label "Unauthorised Host please contact support@xxxxxxxx"
        request header expect "undeadly.org" from "Host"
        request header expect "*undeadly.org*" from "Host"
#       label "BAD user agent"
#       request header filter "Mozilla/4.0*" from "User-Agent"
#       request header filter "SomeBrokeBrowser/1.0*" from "User-Agent"
#       label "BAD Host request"
#       request header filter "*youtube.com*" from "Host"
#       request header filter "*myspace.com*" from "Host"
#       request header filter "*facebook.com*" from "Host"
#       request header filter "*bfriends.com*" from "Host"
        request header change "Accept" to "text/html,text/plain;q=0.9,*/*;q=0.8"
        request header change "Accept-Charset" to "ISO-8859-1,utf-8;q=0.9"
        request header change "Accept-Encoding" to "gzip"
        request header change "Accept-Language" to "en-us,en;q=0.9"
        request header change "User-Agent" to "InVis"
}

relay httpproxy {
        listen on 127.0.0.1 port 8080
        protocol "httpfilter"
        forward to nat lookup
}

When the above config is loaded and I visit the undeadly website I just
get the following error.

        Forbidden
        incomplete request
        OpenBSD relayd at 127.0.0.1 port 8080

Can someone help?
Thanks
Keith
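
An added example, not part of the original post and not relayd code: it evaluates the two Host patterns from the config above against constructed Host values, next to a stricter host-or-subdomain allowlist check. It assumes the patterns behave as case-insensitive shell-style globs; the function names and sample hosts are hypothetical.

```python
# Added example. Assumption: Host patterns are shell-style globs compared
# case-insensitively. Nothing here is relayd's own code.
from fnmatch import fnmatchcase

PATTERNS = ["undeadly.org", "*undeadly.org*"]  # the two patterns in the post

# Constructed Host header values for illustration.
SAMPLE_HOSTS = [
    "undeadly.org",
    "www.undeadly.org",
    "UNDEADLY.ORG:80",
    "notundeadly.org",
    "undeadly.org.example.net",
]

def glob_match(pattern, host):
    """Case-insensitive glob match of one Host value against one pattern."""
    return fnmatchcase(host.lower(), pattern.lower())

def normalize(host):
    """Lowercase, drop an optional :port suffix and a trailing dot."""
    host = host.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def strict_allowed(host, domains=("undeadly.org",)):
    """Allow only the listed domains and their true subdomains."""
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in domains)

def report():
    """Map each sample host to (exact match, wildcard match, strict result)."""
    return {
        h: tuple(glob_match(p, h) for p in PATTERNS) + (strict_allowed(h),)
        for h in SAMPLE_HOSTS
    }

if __name__ == "__main__":
    for host, (exact, wild, strict) in report().items():
        print(f"{host:26} exact={exact!s:5} wildcard={wild!s:5} strict={strict}")
```

Under that assumption, the exact pattern only accepts the bare name without a port, while the "*undeadly.org*" pattern also accepts names that merely contain the string, so an allowlist built from such patterns is wider than the list of sites it names.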