Re: Squid security
That's majorly overkill when there's access controls in squid itself. Why
take a sledgehammer to break a nut.
----- Original Message -----
From: "Rishi L Khan" <firstname.lastname@example.org>
To: "Chris Harrison" <ChrisHarrison@bigpond.com>
Cc: <email@example.com>; "'Debian Security'"
Sent: Tuesday, December 04, 2001 3:27 PM
Subject: RE: Squid security
> Another way to do it is setup an automatic proxy script that tells the
> browser which port on the squid box to go to. Then you can periodically
> change the port. (Or you can just change to an obscure port and hope less
> people find it).
> On Tue, 4 Dec 2001, Chris Harrison wrote:
> > If the IP address was staying the same, you could easily add a reference
> > to /etc/hosts.deny But since you state that this is not the case it
> > will all be a little trickier. There is no relevance as to whether the
> > IP addresses can resolve into host names or not.
> > I would suggest that the best solution would be to firewall off the
> > ports that squid uses on your box from unauthorized users. How you go
> > about this is dependent on what kernel you are using and where your
> > firewall is. If you need squid to be accessible from the outside world,
> > you may want to consider adding authentication to squid to stop random
> > hippies using your squid/bandwidth instead. I believe this is made
> > possible through ACL (Access control Lists) in the most part. Looking
> > through /etc/squid.conf here shows me that you can make ACL's to limit
> > access to certain IP's by the time of day etc.
> > There is a setting called authenticate_program in my squid.conf file.
> > What it does is supply the authenticate program and a password list for
> > all the valid users.
> > -----Original Message-----
> > From: firstname.lastname@example.org [mailto:email@example.com]
> > Sent: Wednesday, 5 December 2001 12:21 PM
> > To: Debian Security
> > Subject: Squid security
> > Recently, I had someone trying to browse the web from one of our servers
> > via squid. Luckily, I didn't need squid for this machine, so I took it
> > off and emailed the hostmaster of the domain the person was doing it
> > from..luckily the IP address was the same. i also managed to get the
> > IP address blocked by our ISP.
> > On another server, which I have squid running and want running, I keep
> > getting accesses from http://service.bfast.com/bfast/serve and someone
> > seems to be accessing web pages late at night when everyone has gone
> > home. Trouble is, the IP addresses that access squid don't have host
> > names (ie. they don't exist) and they keep changing. Is there any way
> > to block access to this and is there a good FAQ, etc.
> > It seems strange though, as the access is every few minutes and the
> > pages accessed have ads involved,while the first person (above) was
> > accessing squid regularly in spurts.
> > Thanks
> > Robert..
> > --
> > To UNSUBSCRIBE, email to firstname.lastname@example.org
> > with a subject of "unsubscribe". Trouble? Contact
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact