Fw: [squid-users] dont want to share the cache from Ehsan Lesani on 2003-08-19 (squid-users)

From: Ehsan Lesani <ehsan@dont-contact.us>
Date: Tue, 19 Aug 2003 11:32:03 +0430

Dear friends.
Probobly it is one of the best ways that we block strange IP addresses bye
using a firewall on the layer 3 of our stream.

But bye doing this one then you can be sure that no one out of your LAN can
use your cache server.
And one thing else, when you are configuring squid it would be better that
you do your best instead of not to configure some part of it because of your
firewall.

best regards.
ehsan lesani.
  ----- Original Message -----
  From: Roger Joseph
  To: 'Ehsan Lesani'
  Cc: squid-users@squid-cache.org
  Sent: Monday, August 18, 2003 10:09 PM
  Subject: RE: [squid-users] dont want to share the cache

  I had previously said to use Ipfw or ipchains to create a rule that
  drops packets destined for the port, or restrict in the linux firewall
  instead of at the service level.

  Isn't it better to have data dropped from the network layer (layer 3
  filtered) rather than let an independent service manage it's access. My
  idea is why let a possible attacker hack and hack away at a service till
  they get in (buffer overflow) when you can just drop all packets at
  layer 3 with source external to LAN. An attacker never gets to try or
  attempt to hack away at your service.

Am I out on a limb here? Anyone agree or disagree?

  -----Original Message-----
  From: Ehsan Lesani [mailto:ehsan@safineh.net]
  Sent: Monday, August 18, 2003 8:13 AM
  To: franklin.lecointre@iga-pegase.fr
  Cc: squid-users@squid-cache.org
  Subject: Re: [squid-users] dont want to share the cache

you can do it ba http_access and acls in squid.conf

  Best Regards.
  Ehsan Lesani
    ----- Original Message -----
    From: franklin LECOINTRE
    To: squid-users@squid-cache.org
    Sent: Monday, August 18, 2003 4:31 PM
    Subject: [squid-users] dont want to share the cache

    hello,
    I want to restrict the squid cache I have to the users of my network,
  and
  I
    dont want somebody on Internet use it.
    How can I do ?

    Thanks
    Franklin LECOINTRE
    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.509 / Virus Database: 306 - Release Date: 12/08/2003
Received on Tue Aug 19 2003 - 01:02:08 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:58 MST