Re: [squid-users] l wnat to prevent anyone from using Squid to probe my internal network without using acls... how to do

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 29 Dec 2001 18:24:28 +0100

The tcp_incoming_address was replaced by the ability to specify address in
http_port.

Also, make sure you are aware of the limitations/issues with making dualhomed
systems, and beware of things like source routing. Use of firewalling
recommended.

Regards
Henrik Nordström
MARA Systems AB

On Saturday 29 December 2001 15.39, usha wrote:
> l wnat to prevent anyone from using Squid to probe my internal network
> without using acls( since I read document that the more complicated an ACL
> is, the slower Squid will be to respond to requests)
>
> Hope I can do it with the following directives
>
> tcp_incoming_address
>
> tcp_outgoing_address
>
> udp_incoming_address
>
> udp_outgoing_address
>
> But Im using squid2.4-STABLE2 ,it has no tcp_incoming_address .... what
> is the advantage of not having this directive .... Will it provide
> aditional security...?

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Sat Dec 29 2001 - 10:29:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:31 MST