Re: squid.conf

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 09 Feb 1998 23:48:56 +0100

If you only want to get going, and no security issues to worry about
then all you have to do is to start Squid and reconfigure the browsers
to use the proxy. The default config is a non-restricted public proxy.

In most "firewall" situations there are however two security issues:
* Controlling which ones that are allowed to use the proxy
* Controlling what people use it to

Both of these checks is done with ACL lists in squid.conf.

The first ACL lists you should use is
acl localnet src 10.1.1.0/255.255.255.0
(replace 10.1.1.0 with your network address)

and change
http_access allow all
to
http_access allow localnet
http_access deny all

and
icp_access allow all
to
icp_access deny all

Then read the "ACCESS CONTROL" section in squid.conf, and decide what
you really want to control.

---
Henrik Nordström
Sparetime Squid Hacker
Received on Mon Feb 09 1998 - 15:15:15 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:50 MST