0

I have a setup comprising of a server, a proxy server and a client. I need to test out a simple feature where I want to ensure that all the requests are going to the server through the proxy server only and no requests can be sent to the server directly from the client. Ideally I can block this direct communication by setting up a rule on the server's firewall to block the requests from the client directly.

Unfortunately I cannot modify any configurations on the server and the only option I can see is blocking any request to the server on my Windows client. I have tried setting up the the inbound and outbound rules for the same on my client but it doesn't seem to work.

The service I'm trying to test uses cURL internally to make these requests.

Is there anything I can do on my client to ensure that no requests can be made to the server from the client directly?

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63
Prateek Bajpai
  • 1
  • You need to tell us if the server and proxy are on the same or different hosts. Also what OS these are running on and what software implements them and how the proxy and server are currently configured – symcbean Oct 03 '22 at 16:58
  • Hi, thanks for tip. I'm actually new here so don't know how this works. Okay so both the proxy and the server are on different hosts, and the proxy is squid proxy running over CentOS 8, and the server is running Windows Datacenter 2019. There is nothing much to tell about the server just that I'm using REST APIs to communicate to a service on the server. I just want these requests to go through the proxy only and want to be entirely sure of this by blocking any communication between the client and the server. Thanks! – Prateek Bajpai Oct 03 '22 at 21:49

1 Answers1

1

Is there anything I can do on my client to ensure that no requests can be made to the server from the client directly?

Not really.

The closest you can come is to add the hostname from the URL tree of the service to the hosts file on the client and ensure that the permissions for modifying the file are as restrictive as possible. But all you are doing is breaking the client in an easily reversible way. It sounds like the XY problem.

symcbean
  • 21,009
  • 1
  • 31
  • 52