search cancel

Stop Public IPs From Accessing Explicit Forward Proxy Services

book

Article ID: 173722

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

  • Proxy is intercepting unwanted traffic from external requests and forwarding them to a destination.
    • Example: CONNECT Request from [External IP address] Answered by proxy and forwarded to External Destination.
  • The proxy is able to be reached by the external world and will process explicit connections.

Resolution

The ideal situation for having a proxy in your environment is that the proxy would be behind a NAT and this would make CONNECT requests

The next ideal situation would be to block port 8080 traffic before it gets to the proxy on the firewall. 

However, should the situation arise that you need to manage this on the proxy please follow the instructions below.

 

Apply IP addresses required for source traffic at the service listener level (typically private IP address ranges are all you would need). This will cause the Proxy to only intercept traffic that comes from the IP address ranges specified. If you only specify private IP address ranges, then the Proxy will not intercept Public IP address sources.

Below is an example of doing this on the 8080 (default) Explicit proxy service:

 

Attachments