Re: [squid-users] a better squid.conf? foodconcepts.net? {Scanned}

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 10 May 2008 15:24:16 +1200

Dean Durant wrote:
> Hello, I posted my squid.conf before, and someone made the observation that
> I was allowing a lot of different things and that "someone evil" had
> figured this out. I have tried to tighten it up. And when I do a
> netstat -vat, I keep seeing food?.foodconcepts.net, which is not a
> legitimate hostname at all. Is this as bad as I fear it could be?
> Access through this squid box continues to be slow for uploads. Thanks,
> Dean
> ___________________________________________________
>
> http_port 3128
> http_port 80
> https_port 3128
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_mem 64 MB
> cache_dir ufs /usr/local/squid/cache 400 16 256
> cache_access_log /usr/local/squid/logs/access.log
> cache_log /usr/local/squid/logs/cache.log
> pid_filename /usr/local/squid/logs/squid.pid
> debug_options 4,10 26,2 83,10
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl fulda dst 130.0.0.0/255.0.0.0
> acl origNet src 192.9.70.0/255.255.255.0
> acl abyzNetU src 130.16.64.0/255.255.192.0
> acl abyzNetW src 130.16.128.0/255.255.192.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl scanner dst 192.9.70.243
> acl autoweb dst 67.109.76.29
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> acl abyz_forbidden url_regex "/usr/local/squid/etc/abyzforbidden/abyz_blocked.txt"
> acl abyz_forbidden_always url_regex "/usr/local/squid/etc/abyzforbidden/abyz_deny.always"
> acl abyz_forbidden_lunch url_regex "/usr/local/squid/etc/abyzforbidden/abyz_deny.lunch"
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow fulda
> http_access allow origNet
> http_access allow abyzNetW
> http_access allow abyzNetU
> http_access deny all
> http_reply_access allow all
> cache_mgr help@abyz-us.com
> cache_effective_user squid
> cache_effective_group squid
> visible_hostname srvproxy228
> dns_testnames google.com internic.net nlanr.net ibm.com
>
> _________________________________________________________________________________________________________________
>
> Dean Durant
>

food?.* may be one of the new International domains. In which case it's
probably bad. Check that with netstat -ant, and an rDNS of the IP.

The squid.conf here looks pretty good from an access point of view.
Just two things:
  - why are you allowing blanket access to the 'fulda' 130.0.0.0/8
network? If you are trying to run an accelerator-mode proxy, you would
do better with configured cache_peers. For an internal->internal
accepting rule the blanket internal->anywhere rules should suffice.

  - You are either not showing the entire squid.conf, or it's not the one
you are running. Safe_ports is used but undefined. That would crash
squid on startup.

Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
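Added example, not code from this thread or from the Squid project: a small shell lint that reports ACL names referenced by access rules but never defined with an `acl` line, which is exactly the "Safe_ports is used but undefined" condition above. The two sample configs are constructed here from the lines in the post; the `Safe_ports` list in the corrected sample is the one shipped in the stock squid.conf.default. The lint assumes one-line `acl` definitions and only scans the directives named in the awk program.

```shell
#!/bin/sh
# Added example (not from the thread or the Squid project): list ACL names
# that access rules reference but no "acl" line defines. Squid refuses to
# start on such a reference, so this catches the mistake before a restart.

# check_undefined_acls FILE
#   Prints each undefined ACL name once, in first-use order, and returns 1
#   if any were found (0 otherwise). Assumption: each "acl" definition is on
#   one line, and only the directives listed below reference ACLs.
check_undefined_acls() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "acl" { defined[$2] = 1; next }     # record every defined name
        $1 == "http_access" || $1 == "http_reply_access" ||
        $1 == "no_cache" || $1 == "cache" {
            for (i = 3; i <= NF; i++) {           # fields after allow/deny
                name = $i
                sub(/^!/, "", name)               # drop the negation prefix
                if (!(name in seen)) { seen[name] = 1; order[++n] = name }
            }
        }
        END {
            bad = 0
            for (j = 1; j <= n; j++)
                if (!(order[j] in defined)) { print order[j]; bad = 1 }
            exit bad
        }
    ' "$1"
}

BROKEN_CONF=$(mktemp)
FIXED_CONF=$(mktemp)
trap 'rm -f "$BROKEN_CONF" "$FIXED_CONF"' EXIT

# Constructed sample 1: the access-control part of the posted squid.conf,
# which uses Safe_ports without ever defining it.
cat > "$BROKEN_CONF" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl fulda dst 130.0.0.0/255.0.0.0
acl origNet src 192.9.70.0/255.255.255.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow fulda
http_access allow origNet
http_access deny all
http_reply_access allow all
EOF

# Constructed sample 2: the same rules with Safe_ports defined (the list from
# the stock squid.conf.default) and the blanket 130.0.0.0/8 allow removed.
cat > "$FIXED_CONF" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl origNet src 192.9.70.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow origNet
http_access deny all
http_reply_access allow all
EOF

echo "undefined ACLs in sample 1:"
check_undefined_acls "$BROKEN_CONF" || echo "(squid would refuse to start on this file)"
echo "undefined ACLs in sample 2:"
check_undefined_acls "$FIXED_CONF" && echo "(none)"
```

The lint is a pre-check only; the authoritative test of a config file is still `squid -k parse`, which reads the file with the real parser and reports the same undefined-ACL error without starting the daemon.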
Received on Sat May 10 2008 - 03:24:20 MDT