chore(proxy): fix bad squid conf (#2002)

emosbaugh · web-flow · commit 32c20a3cf35f · 2025-03-25T10:24:11.000-05:00
diff --git a/e2e/scripts/enable-squid-whitelist.sh b/e2e/scripts/enable-squid-whitelist.sh
@@ -76,7 +76,7 @@ function main() {
     maybe_install curl curl
 
     # update the squid config to disable allow access from local networks
-    sed -i 's/http_access allow localnet/# http_access allow localnet/' /etc/squid/conf.d/ec.conf
+    sed -i 's/^http_access allow localnet$/http_access allow localnet whitelist/' /etc/squid/conf.d/ec.conf
 
     # restart the squid service
     squid -k reconfigure
diff --git a/e2e/scripts/install-and-configure-squid.sh b/e2e/scripts/install-and-configure-squid.sh
@@ -9,10 +9,13 @@ acl step1 at_step SslBump1
 ssl_bump peek step1
 ssl_bump bump all
 
+acl whitelist dstdomain \"/etc/squid/sites.whitelist.txt\"
+
+# this will allow all access to the internet from local IPs
 http_access allow localnet
 
-acl whitelist dstdomain \"/etc/squid/sites.whitelist.txt\"
-http_access allow whitelist
+# to restrict access so only local IPs can access the internet and only sites on the whitelist, instead use
+# http_access allow localnet whitelist
 "
 
 whitelist_txt="
