Re: [squid-users] A lot of this proxy on my reverse cache squid server

From: Gustavo Lazarte <glazarte@dont-contact.us>
Date: Sun, 27 Aug 2006 19:36:11 -0400

Hello,

should this in theory stop hackers from using my reverse proxy server?
thanks for all the help

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl ssl_ports ports 443 563
acl safe_port port 80
acl safe_port ....
acl connect method connect
acl mylan src 127.0.0.1
acl mysites 10.2.0.140

http_access allow manager localhost
http_access deny manager
http_access deny !safe_port
http_access deny to_localhost
http_access allow mysites
http_access deny all

http_reply_access allow MYLAN
http_reply_access allow all

Please let me know of any suggestions, the last time I started squid I had a lot of warning from out IDS.

Thanks again for all the help

Gustavo

----- Original Message -----
From: Henrik Nordstrom
[mailto:henrik@henriknordstrom.net]
To: Gustavo Lazarte
[mailto:glazarte@hurdit.com]
Cc: squid-users@squid-cache.org
Sent: Sat, 26
Aug 2006 08:23:43 -0400
Subject: Re: [squid-users] A lot of this proxy on my
reverse cache squid server

> fre 2006-08-25 klockan 14:40 -0400 skrev Gustavo Lazarte:
>
> > I am new to squid so my guess is that. Do I need to cut access to other
> sites from my squid? Does a ACL change should take care of this?
>
> Correct. You should set up access to only allow access to your sites.
>
> acl mysites dstdomain ...
> http_access allow mysites
>
> where squid.conf default rules say you should add your rules..
>
> Regards
> Henrik
>
>
>
Received on Sun Aug 27 2006 - 17:52:17 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT