I am setting up a proxy server to filter web traffic. I have added an access-group on the pix to control access on the inside interface.
Here is what I have added:
access-list acl_in permit tcp host MyProxyserverIPaddress any eq http
access-list acl_in permit tcp host MyProxyserverIPaddress any eq https
access-list acl_in permit icmp any any
access-list acl_in permit ip any any
access-list acl_in deny tcp any any eq http
access-list acl_in deny tcp any any eq https
access-group acl_in in interface inside
I want to allow only to the proxy server to have outbound access for http/https traffic. All client must configure their web browser with the ProxyserverIPaddress. If any client attemps outbound access to the web http/https their traffic should be blocked at the pix. Only client with the proper web browser proxy configuration will be aloud to access the we through the proxy server using the ProxyserverIPaddress.
Only the proxy server should be permitted outbound access to the web (http/https traffic).
Even though I have applied this access group. Clients can still access the web with out using a proxy server.
I have written the config to mem and reloaded the pix.
Any suggestions?