Re: [squid-users] Re: Squid Concerns

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Tue, 22 Jun 2010 20:33:19 +0200

Tue 2010-06-22 at 11:09 -0700, Superted666 wrote:

> # And finally deny all other access to this proxy
> http_access allow all

One culprit is here: You allow the whole world to do pretty much whatever
they like via your proxy.

What you should have is an acl listing your web sites, and allow only
that.

acl port80 port 80
acl mysites dstdomain your.website.domain
http_access allow port80 mysites

And followed by a deny all as the comment says

http_access deny all

> http_port 77.92.76.176:80 transparent

The other culprit is here. You have configured your proxy as a
transparently intercepting LAN->Internet proxy, while your actual use is
as a reverse proxy / accelerator in front of your web server (Internet
-> Webserver).

Should read

http_port 77.92.76.176:80 accel defaultsite=your.website.domain

In addition you need a cache_peer line telling Squid how to contact the
actual web server.

cache_peer 127.0.0.1 parent 80 0 originserver

http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

Regards
Henrik
Received on Tue Jun 22 2010 - 18:33:22 MDT
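
Added example, not part of the message above and not code from the Squid project: a simplified Python model of how Squid evaluates http_access lines (every ACL on a line must match, the first matching line wins), run against the quoted rule and the suggested replacement. Only the port and dstdomain ACL types and a built-in "all" are modelled, and other.example.net is a constructed sample destination.

```python
# Added example: simplified model of Squid http_access evaluation.
# Modelled: "port" (exact numbers only), "dstdomain", and a built-in "all".

BEFORE = "http_access allow all\n"            # rule quoted in the thread
AFTER = """\
acl port80 port 80
acl mysites dstdomain your.website.domain
http_access allow port80 mysites
http_access deny all
"""                                           # rules suggested in the reply

def parse(conf):
    acls, rules = {"all": ("all", [])}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            _, values = acls.setdefault(tok[1], (tok[2], []))
            values.extend(tok[3:])            # repeated acl names accumulate values
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, host, port):
    kind, values = acls[name.lstrip("!")]
    if kind == "all":
        hit = True
    elif kind == "port":
        hit = str(port) in values
    elif kind == "dstdomain":
        # ".example.com" also covers subdomains; "example.com" is an exact match
        hit = any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                  for v in values)
    else:
        raise ValueError(f"acl type {kind!r} is not modelled")
    return hit != name.startswith("!")

def decide(conf, host, port):
    acls, rules = parse(conf)
    for action, names in rules:
        # A line matches only if every ACL on it matches; the first matching line wins.
        if all(acl_matches(acls, n, host, port) for n in names):
            return action
    # No line matched: Squid defaults to the opposite of the last line (deny if none).
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for host, port in (("your.website.domain", 80), ("other.example.net", 80)):
            print(label, host, port, decide(conf, host, port))
```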
