On Wed, 16 Mar 2005, deny1 wrote:
> #Recommended minimum configuration:
> acl localdomain src 192.168.0.0/255.255.255.0
>
> acl eth0 src 192.168.0.0/255.255.255.0
These two looks redundant to me.
> acl users proxy_auth REQUIRED
>
> http_access allow eth0 users
This should be moved last in your http_access rules.
The list of http_access rules is important as they are evaluated in the
order listed. By you having this rule first
> # Only allow cachemgr access from localhost
> http_access allow manager localdomain
Why have you changed this to localdomain? (was localhost)
> http_access allow localdomain
And this should be removed I think. Redundant with the eth0 rule above..
and should also be last (if not removed)
> # Deny requests to unknown ports
> http_access deny manager
> # Deny CONNECT to other than SSL ports
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access deny to_localhost
here is where your custom rules should be.
and you should finish with a
http_access deny all
as in the squid.conf shipped with Squid.
Regards
Henrik
Received on Wed Mar 16 2005 - 03:58:18 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST