RE: Squid security

To: <robr@mikka.net.au>, "'Debian Security'" <debian-security@lists.debian.org>
Subject: RE: Squid security
From: "Chris Harrison" <ChrisHarrison@Bigpond.com>
Date: Tue, 4 Dec 2001 21:10:17 +0800
Message-id: <[🔎] 01b001c17cc5$0c520d30$0d00a8c0@blackwin>
In-reply-to: <[🔎] 3C0DA094.E11AA98D@mikka.net.au>

If the IP address was staying the same, you could easily add a reference
to /etc/hosts.deny  But since you state that this is not the case it
will all be a little trickier.  There is no relevance as to whether the
IP addresses can resolve into host names or not.

I would suggest that the best solution would be to firewall off the
ports that squid uses on your box from unauthorized users.  How you go
about this is dependent on what kernel you are using and where your
firewall is.  If you need squid to be accessible from the outside world,
you may want to consider adding authentication to squid to stop random
hippies using your squid/bandwidth instead.  I believe this is made
possible through ACL (Access control Lists) in the most part.  Looking
through /etc/squid.conf here shows me that you can make ACL's to limit
access to certain IP's by the time of day etc.
There is a setting called authenticate_program in my squid.conf file.
What it does is supply the authenticate program and a password list for
all the valid users.  


-----Original Message-----
From: robr@mikka.net.au [mailto:robr@mikka.net.au] 
Sent: Wednesday, 5 December 2001 12:21 PM
To: Debian Security
Subject: Squid security

Recently, I had someone trying to browse the web from one of our servers
via squid.  Luckily, I didn't need squid for this machine, so I took it
off and emailed the hostmaster of the domain the person was doing it
from..luckily the IP address was the same.  i also managed to get the
IP address blocked by our ISP.

On another server, which I have squid running and want running, I keep
getting accesses from http://service.bfast.com/bfast/serve and someone
seems to be accessing web pages late at night when everyone has gone
home.  Trouble is, the IP addresses that access squid don't have host
names (ie. they don't exist) and they keep changing.  Is there any way
to block access to this and is there a good FAQ, etc.

It seems strange though, as the access is every few minutes and the
pages accessed have ads involved,while the first person (above) was
accessing squid regularly in spurts.


Thanks

Robert..

Reply to:

Follow-Ups:
- RE: Squid security
  - From: Rishi L Khan <rishi@UDel.Edu>

References:
- Squid security
  - From: Robert Ruzbacky <robr@mikka.net.au>

Prev by Date: Re: apache - bots
Next by Date: Re: apache - bots
Previous by thread: Re: Squid security
Next by thread: RE: Squid security
Index(es):
- Date
- Thread