Re: [squid-users] sslReadServer

From: Anthony M. Rasat <a.m.rasat@dont-contact.us>
Date: Tue, 26 Nov 2002 13:32:32 +0700

Heya Nehal,

You were talking about an open proxy, which in your case means letting non-specific network addresses access your cache server. Yes, your bandwidth is probably being used up by others from the Internet (this would explain why your users complain about slow access). Therefore, if you put a specific access list (acl) in squid.conf, those problems may be avoided (I assume you know that your bandwidth is not depleted and that no congested connection is detected). For example, you can have these lines in squid.conf:

   acl all src 0.0.0.0/0.0.0.0
   acl myusers src 192.168.0.0/255.255.255.0

and also add

   http_access allow myusers
   http_access deny all

This configuration will allow connections only from network 192.168.0.0 and deny others. Of course, 192.168.0.0 is my fictional example; you can change it to your network address or a specific IP address.

However, this configuration is not fool-proof. As Squid cannot verify the source of a request, spoofing the source address can render the above configuration useless. In my experience, a person who would go through all the hassle of spoofing his/her address just to use others' proxy cache server is usually a carder. I suggest that you employ a DMZ-style, spoof-proof firewall to avoid carders using your server.

-- 
Regards,
Anthony M. Rasat
Speednet Palangkaraya
PT. HGP
Palangkaraya - Indonesia.-
PS: Speednetindia.com? You should check out my signature.

On Tue, 26 Nov 2002 11:03:11 +0530 (IST)
<squid_nehal@speednetindia.com> wrote:
> 
> Hello Sir,
> 
> First, Thank you very much for your kind reply.
> 
> As I have solved the problem, I would like to tell you how I solved the 
> problem.
> 
> I have written "acl src" in such a manner that all IPs and all computers who 
> know my port and squid server IP can access the internet. As soon as I 
> restricted the users so that only particular IPs can go to the internet, these 
> errors disappeared.
> 
> I think that users outside of my network might access the internet 
> through my squid server. Maybe they have given my squid server in their 
> proxy settings. Sir, is it possible??
> 
> Thank you once again.
> 
> Yours faithfully,
> Nehal.
> 
> >squid_nehal@speednetindia.com wrote:
> >> 
> >> Hello,
> >> 
> >> I have a Linux 7.2 PC and squid 2.4stable1. We have around 100 users who
> >> are always online. When I look at the /var/log/squid/cache.log file I
> >> find that there are some errors continuously appearing. Those errors are
> >> as follows.
> > 
> >  You may have flaky Internet connection to some sites.
> > 
> >  Check the Linux part of the SQUID faq too, ECN settings etc.
> > 
> >  M.
> > 
> > 
> >> 
> >> DATE TIME sslReadServer: FD 223 :read failure: (104) Connection reset
> >> by peer.
> >> DATE TIME sslReadServer: FD 340 :read failure: (104) Connection reset
> >> by peer.
> >> DATE TIME sslReadServer: FD 200 :read failure: (104) Connection reset
> >> by peer.
> >> DATE TIME sslReadServer: FD 624 :read failure: (104) Connection reset
> >> by peer.
> >> DATE TIME sslReadServer: FD 711 :read failure: (104) Connection reset
> >> by peer.
> >> DATE TIME sslReadServer: FD 231 :read failure: (104) Connection reset
> >> by peer.
> >> 
> >> What do these errors mean?
> >> 
> >> After some time all my users complain to me that surfing speed is too
> >> slow to surf..
> >> 
> >> Is there any solution? Do I have to make modifications in squid.conf etc.?
> >> Please help me....
> >> I searched all the sites but did not get a solution.
> >> 
> >> Thanks in advance.
> >> 
> >> Yours faithfully,
> >> Nehal.
> > 
> > -- 
> > 
> >  'Time is a consequence of Matter thus
> >  General Relativity is a direct consequence of QM
> >  (M.E. Mar 2002)
> 
> 
> 
Received on Mon Nov 25 2002 - 23:32:35 MST
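
Added example, not part of the original message or of Squid itself: one way to confirm whether hosts outside the allowed network were actually served by the proxy, by scanning access.log in Squid's native format. The allowed network is the fictional 192.168.0.0 from the reply above; the log lines and the function name `audit_outside_clients` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the network allowed by the "myusers" acl in the reply above.
ALLOWED = ipaddress.ip_network("192.168.0.0/255.255.255.0")

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1038292352.101   1520 192.168.0.15 TCP_MISS/200 4312 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1038292353.456  30211 203.0.113.77 TCP_MISS/200 88120 CONNECT shop.example.net:443 - DIRECT/198.51.100.9 -
1038292354.002    310 192.168.0.22 TCP_HIT/200 10240 GET http://www.example.com/logo.gif - NONE/- image/gif
1038292355.870  12044 203.0.113.77 TCP_MISS/200 65300 CONNECT shop.example.net:443 - DIRECT/198.51.100.9 -
1038292356.333      2 198.51.100.200 TCP_DENIED/403 1045 GET http://www.example.org/ - NONE/- text/html
this line is truncated
"""

def audit_outside_clients(log_text, allowed=ALLOWED):
    """Return {client_ip: stats} for clients outside `allowed`.

    stats holds 'served' and 'denied' request counts, bytes sent on served
    requests, and how many served requests were CONNECT tunnels.
    """
    report = defaultdict(lambda: {"served": 0, "denied": 0, "bytes": 0, "connect": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client, result, size, method = fields[2], fields[3], fields[4], fields[5]
        try:
            addr = ipaddress.ip_address(client)
            nbytes = int(size)
        except ValueError:
            continue  # client logged as a hostname, or non-numeric size
        if addr in allowed:
            continue
        entry = report[client]
        if result.startswith("TCP_DENIED"):
            entry["denied"] += 1  # the acl rejected this outside client
        else:
            entry["served"] += 1  # an outside client was proxied: open-proxy symptom
            entry["bytes"] += nbytes
            entry["connect"] += method == "CONNECT"
    return dict(report)

if __name__ == "__main__":
    for ip, stats in sorted(audit_outside_clients(SAMPLE_LOG).items()):
        print(ip, stats)
```

Once the acl is in place, outside addresses should appear only with `denied` counts; any remaining `served` entries mean the rules are not matching as intended.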
