On 2014-02-14 05:27, Antony Stone wrote:
> On Thursday 13 February 2014 at 16:19:16, khadmin wrote:
>
>> HI Antony,
>> Actually I'm trying to have something that works without any
>> restrictions
>> or control.
You mean?
http_access allow all
- does exactly what you just said. But is very insecure as it drops
protection against attackers and the protocol smuggling vulnerabilities
in HTTP. The below from Antony is best-practice advice:
>
> Have you tried taking the competely default squid.conf, adding an acl
> for the
> source IP range of your network (see the example lines starting with
> "#acl
> localnet src"), and an http_access allow rule for that network range
> (see the
> example line "#http_access allow localnet"), with no other changes?
>
> That should do what you're trying to achieve.
>
>
> Antony.
Note that the _documentation file_ you currently have is not actually
the default config. Your Squid should have installed with a
squid.conf.default file which is the actual default configuration for
Squid. If that is missing for any reason the wiki release page contains
a copy:
http://wiki.squid-cache.org/Squid-3.3
Amos
Received on Thu Feb 13 2014 - 22:10:20 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 14 2014 - 12:00:04 MST