Is it possible for you to manipulate the firewall rules? If it is, then it
would just be a matter of denying access to the port that squid listens on.
That is of course assuming that the box you are running squid on is multi-homed
and is routing the packets between your LAN and your Internet connection. You
would simply tell the firewall to deny packets destined for that port from the
WAN side of the link.

If your squid box is not multi-homed, then the scenario below would work; you may
want to use an allow US instead.

Simon Bryan wrote:
>
> It has been pointed out to me that my Squid proxy server can be
> accessed from outside our intranet. I do not want to go to user
> authentication (yet!), could I do something like
>
> acl US src 'our ip address range'
>
> http_access deny !US
>
> If so would this slow down Squid much?
> Is Squid likely to slow noticeably from a large number of ACLs?
> If so what would that large number be?
>
> BTW I have sorted out the time restrictions I was trying to do with
> CRON (they worked) but the acl time rules are much smoother,
> once you work out the sequence and the rules about ANDing and
> ORing!
>
> --
> Simon Bryan sbryan@olmc.nsw.edu.au
> Information Technology Manager sbryan@mpx.com.au
> OLMC Parramatta
--
-------------------------------------------------------------------------------
Rodney D. Holm rodneyh@apexxtech.com
Apexx Technology, Inc. http://www.apexxtech.com
-------------------------------------------------------------------------------
Received on Wed Mar 17 1999 - 15:33:54 MST
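
The two rule forms discussed in this thread (`http_access deny !US` and an `allow US`) can be compared with a small model of Squid's `http_access` evaluation. This is an added example, not part of the original messages or of Squid itself. It assumes Squid's documented semantics (ACLs on one line are ANDed, the first matching line wins, no match gives the opposite of the last line); the address range, client addresses and the `OPEN` configuration are constructed.

```python
import ipaddress

# Constructed configs. 192.168.0.0/16 stands in for 'our ip address range'.
OPEN = "acl all src 0.0.0.0/0\nhttp_access allow all\n"          # hypothetical open proxy
DENY_NOT_US = "acl US src 192.168.0.0/16\nhttp_access deny !US\n"  # form from the question
ALLOW_US = "acl US src 192.168.0.0/16\nhttp_access allow US\n"     # form from the reply


def parse(conf):
    """Parse the squid.conf subset used here: 'acl NAME src ...' and 'http_access'."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)  # values of one ACL are ORed
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))           # (action, ACL names ANDed)
    return acls, rules


def decide(conf, client):
    """Return 'allow' or 'deny' for a client IP under the given config text."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)

    def matches(term):
        negate = term.startswith("!")
        hit = any(ip in net for net in acls[term.lstrip("!")])
        return hit != negate

    for action, terms in rules:
        if all(matches(t) for t in terms):  # first matching line wins
            return action
    if not rules:
        return "deny"                       # no http_access lines at all
    # No line matched: the default is the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"


if __name__ == "__main__":
    for name, conf in (("open", OPEN), ("deny !US", DENY_NOT_US), ("allow US", ALLOW_US)):
        for client in ("192.168.10.5", "203.0.113.7"):  # inside, outside (constructed)
            print(f"{name:9} {client:13} -> {decide(conf, client)}")
```

Both restricted forms give the same result for inside and outside clients, but each relies on the implicit default for one of the two cases, so an explicit final `http_access` line makes the intent visible in the config.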
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:19 MST