Re: [squid-users] newbie question - URGENT

From: Joe Cooper <joe@dont-contact.us>
Date: Fri, 04 May 2001 21:59:07 -0500

You probably don't want to direct requests for your local websites
through the cache. Unless those sites are overloaded, there is no
benefit to this (well, there are some potential security benefits, but
I'm going to assume those sites are secured already).

Next, create src ACLs for all of your dialup pool subnets.
Then allow those ACLs.
Finally, deny the 'all' ACL.

This will only allow your local clients to proxy through the cache.

i.e. something like this:

acl dialups src 192.168.1.0/255.255.255.0

http_access allow dialups
http_access deny all

It's just that easy.

System Administrator wrote:

> Hi,
>
> I'm running squid-2.2stable5.
>
> System is slackware linux 2.2.18, PIII/800, 512mb RAM, 40gig EIDE,
> apache 1.3.6-SSL
>
> I would like to make sure I understand something correctly (?).
>
> I have a bunch of dialup customers and I host a couple of websites. Don't
> I only want local clients (those belonging to my class C network), being
> able to retrieve pages, and the general public being able to retrieve
> only pages from my site and sites I host - nothing else?
>
> I'm asking because my traffic has gone crazy and it's costing me a large
> fortune, and soaking up all my bandwidth so my local clients get poor
> response time, as clients from around the world access sites that are
> not local to me, and are sending and receiving gigs of data which I am
> paying for...
>
> Obviously I need a crash course in security and firewalling, but are
> there any params I can put in squid to disallow all non-local (ie not in
> my address range), and non-locally hosted pages?
>
> Any help is greatly appreciated.
>
> Thanks
>
> Phillip

                                   --
                      Joe Cooper <joe@swelltech.com>
                  Affordable Web Caching Proxy Appliances
                         http://www.swelltech.com
Received on Fri May 04 2001 - 20:50:23 MDT
