Re: [squid-users] A lot of this proxy on my reverse cache squid server

Hello,

should this in theory stop hackers from using my reverse proxy server?
thanks for all the help

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl ssl_ports ports 443 563
acl safe_port port 80
acl safe_port ....
acl connect method connect
acl mylan src 127.0.0.1
acl mysites 10.2.0.140

http_access allow manager localhost
http_access deny manager
http_access deny !safe_port
http_access deny to_localhost
http_access allow mysites
http_access deny all

http_reply_access allow MYLAN
http_reply_access allow all

Please let me know of any suggestions, the last time I started squid I had a lot of warning from out IDS.

Thanks again for all the help

Gustavo

----- Original Message -----
From: Henrik Nordstrom
[mailto:henrik@henriknordstrom.net]
To: Gustavo Lazarte
[mailto:glazarte@hurdit.com]
Cc: squid-users@squid-cache.org
Sent: Sat, 26
Aug 2006 08:23:43 -0400
Subject: Re: [squid-users] A lot of this proxy on my
reverse cache squid server

> fre 2006-08-25 klockan 14:40 -0400 skrev Gustavo Lazarte:
>
> > I am new to squid so my guess is that. Do I need to cut access to other
> sites from my squid? Does a ACL change should take care of this?
>
> Correct. You should set up access to only allow access to your sites.
>
> acl mysites dstdomain ...
> http_access allow mysites
>
> where squid.conf default rules say you should add your rules..
>
> Regards
> Henrik
>
>
>
Received on Sun Aug 27 2006 - 17:52:17 MDT