Re: Squid available from outside

From: Rodney Holm <rodneyh@dont-contact.us>
Date: Wed, 17 Mar 1999 15:43:54 -0700

Is it possible for you to manipulate the firewall rules? If it is, then it
would just be a matter of denying access to the port that Squid listens on.
That is, of course, assuming that the box you are running Squid on is multi-homed
and is routing the packets between your LAN and your Internet connection. You
would simply tell the firewall to deny packets destined for that port from the
WAN side of the link.

If your Squid box is not multi-homed, then the scenario below would work; you may
want to use an allow US instead.

Simon Bryan wrote:
>
> It has been pointed out to me that my Squid proxy server can be
> accessed from outside our intranet. I do not want to go to user
> authentication (yet!), could I do something like
>
> acl US src 'our ip address range'
>
> http_access deny !US
>
> If so would this slow down Squid much?
> Is Squid likely to slow noticeably from a large number of ACLs?
> If so what would that large number be?
>
> BTW I have sorted out the time restrictions I was trying to do with
> CRON (they worked) but the acl time rules are much smoother,
> once you work out the sequence and the rules about ANDing and
> ORing!
>
> --
> Simon Bryan sbryan@olmc.nsw.edu.au
> Information Technology Manager sbryan@mpx.com.au
> OLMC Parramatta

-- 
-------------------------------------------------------------------------------
Rodney D. Holm                  rodneyh@apexxtech.com
Apexx Technology, Inc.          http://www.apexxtech.com
-------------------------------------------------------------------------------
Received on Wed Mar 17 1999 - 15:33:54 MST
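
Added example, not part of the original thread and not Squid's own code: a small Python model of how Squid evaluates http_access lines, run over the "deny !US" form from the question and the "allow US" form suggested in the reply. The address range 192.0.2.0/24, the test client addresses and the names parse, term_matches and decide are assumptions made for illustration; only CIDR-style src ACLs are modelled.

```python
import ipaddress

# Constructed samples; 192.0.2.0/24 stands in for 'our ip address range'.
DENY_NOT_US = """\
acl US src 192.0.2.0/24
http_access deny !US
"""
ALLOW_US = """\
acl US src 192.0.2.0/24
acl all src 0.0.0.0/0
http_access allow US
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from the src ACLs and http_access lines in conf."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # Values on one acl line, or repeated lines with one name, are ORed.
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def term_matches(term, ip, acls):
    """Evaluate one ACL name, honouring a leading '!' negation."""
    name = term.lstrip("!")
    hit = any(ip in net for net in acls[name])  # KeyError for an undefined ACL
    return hit != term.startswith("!")

def decide(conf, client):
    """Return 'allow' or 'deny' for client under first-match evaluation."""
    acls, rules = parse(conf)
    if not rules:
        raise ValueError("no http_access lines to evaluate")
    ip = ipaddress.ip_address(client)
    for action, terms in rules:
        # Every ACL named on one http_access line must match (AND).
        if all(term_matches(t, ip, acls) for t in terms):
            return action
    # Nothing matched: Squid applies the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for conf in (DENY_NOT_US, ALLOW_US):
        print([decide(conf, c) for c in ("192.0.2.10", "203.0.113.5")])
```

Both forms give the same result for inside and outside clients, but the "deny !US" form admits local clients only through the implicit opposite-of-last-line default, which is why ending the list with an explicit "deny all" is the less surprising layout.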
