RE: Squid security
ACLs are available in squid. What you can do is set up an ACL to allow only
your network's IPs to connect to squid, and deny everything else.

acl all src 0.0.0.0/0.0.0.0
acl private_networks0 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
acl private_networks1 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
http_access allow private_networks0
http_access allow private_networks1
http_access deny all

Pretty similar to a firewall rule setup. Another security measure you can
take is, if your squid proxy has multiple interfaces, like one public and
one private, you can set the tcp_incoming_address and tcp_outgoing_address -
this means squid won't actually listen on the external address, but will use
it for external connections.

Hope this is of assistance.

From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Wednesday, 5 December 2001 17:21
To: Debian Security
Subject: Squid security
Recently, I had someone trying to browse the web from one of our servers
via squid. Luckily, I didn't need squid for this machine, so I took it
off and emailed the hostmaster of the domain the person was doing it
from... luckily the IP address was the same. I also managed to get the
IP address blocked by our ISP.
On another server, which I have squid running and want running, I keep
getting accesses from http://service.bfast.com/bfast/serve and someone
seems to be accessing web pages late at night when everyone has gone
home. Trouble is, the IP addresses that access squid don't have host
names (i.e. they don't exist) and they keep changing. Is there any way
to block access to this and is there a good FAQ, etc.
It seems strange though, as the access is every few minutes and the
pages accessed have ads involved, while the first person (above) was
accessing squid regularly in spurts.
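
Added example (not part of the original messages, and not Squid's own code): a small Python evaluator for the rule order described in the reply, showing why an allow-list ending in "deny all" closes the proxy while a deny-list aimed at changing abuser addresses leaves it open. It models only src ACLs and Squid's first-match http_access processing; the names parse, decide, ALLOWLIST and DENYLIST and all sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample configs; the addresses stand in for the xxx placeholders.
ALLOWLIST = """
acl all src 0.0.0.0/0.0.0.0
acl private_networks0 src 192.168.10.0/255.255.255.0
acl private_networks1 src 10.20.0.0/255.255.0.0
http_access allow private_networks0
http_access allow private_networks1
http_access deny all
"""
DENYLIST = """
acl abuser src 203.0.113.7/255.255.255.255   # one blocked client
http_access deny abuser
"""

def parse(conf):
    """Collect 'acl NAME src ...' networks and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client):
    """Return 'allow' or 'deny' for a client IP (KeyError on an undefined ACL)."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)

    def hit(name):
        inside = any(ip in net for net in acls[name.lstrip("!")])
        return inside != name.startswith("!")   # '!' negates the ACL

    for action, names in rules:
        if all(hit(n) for n in names):          # ACLs on one line are ANDed
            return action                       # first matching rule wins
    if not rules:
        return "deny"                           # no http_access lines: deny
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for conf in (ALLOWLIST, DENYLIST):
        print([decide(conf, ip) for ip in ("192.168.10.5", "198.51.100.23")])
```

With DENYLIST, every address other than the one blocked falls through to the implicit default and is allowed, which is the situation the original poster describes with source addresses that keep changing.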