[squid-users] Securing squid3

From: Andreas Westvik <andreas_at_spbk.no>
Date: Thu, 14 Feb 2013 15:43:06 +0100

Hi everybody

I have been running squid3 on my Debian squeeze on/off for a few weeks now.
And there is a few things Im not sure of

1. How can I be sure that Im running it securely? I really only want squid3 to server my local clients (192.168.0.0/32).
2. Can I bind squid3 to only listen to any device/ip?
3. just for fun, I have setup havp on a different server. Is it possible to send my http traffic to that server first? (havp runs on 192.168.0.24) Then back to squid3?

As of now, I need to configure my clients to connect to that havp server, then havp will send traffic back to squid. But I would like to happen with some automatic iptables commands.
I have tried several iptables setup, but nothing will make this work. I cannot for the life of me intercept the port 80 traffic, then redirect it to 192.168.0.24:3127

Like this: Client -> Gw 192.168.0.1 -> havp 192.168.0.24:3127 -> squid3 192.168.0.1:3128 -> internets

This is my setup:

http_port 3128 transparent
acl LAN src 192.168.0.0/32
acl localnet src 127.0.0.1/255.255.255.255
http_access allow LAN
http_access allow localnet
cache_dir ufs /var/spool/squid3 5000 16 256

#Block
acl ads dstdom_regex -i "/etc/squid3/squid.adservers"
http_access deny ads

eth3: 192.168.0.1 (non-dhcp envirment)
eth4: wan official ip (non-dchp)

-Andreas
Received on Thu Feb 14 2013 - 14:43:15 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 14 2013 - 12:00:05 MST