
Securing a Squid reverse proxy



Hello,
I am currently working on a reverse proxy solution with Squid
to speed up my servers and save bandwidth.

I have read that there are security risks with proxies...
especially when they
are misconfigured.

Do you have any information on the subject?
(settings to avoid, or anything else)

Thanks

My squid.conf:
########################
http_port 80
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_dir ufs /var/spool/squid 100 16 256
refresh_pattern         \.(gif|jpg|jpeg|png)$       600 80% 86400
refresh_pattern         \.(xbm|xpm|ico|tiff)$   600 80% 86400
refresh_pattern         \.(au|snd|wav|ra|mid)$  600 80% 86400
refresh_pattern         \.(qt|mov|avi|mpeg)$    600 80% 86400
refresh_pattern         \.(iv|wrl|vrml)$        600 80% 86400
refresh_pattern         \.(Z|gz)$               600 80% 86400
refresh_pattern         \.(hqx|bin)$            600 80% 86400
refresh_pattern         \.(tar|zip)$            600 80% 86400
refresh_pattern         ^http://                30 50% 86400
refresh_pattern         ^ftp://                 30 50% 86400
refresh_pattern         .                       30 30% 43200
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
log_fqdn on
hosts_file /etc/hosts
acl www_domaine_com dst 1.2.3.4
acl acceleratedPort port 80
http_access allow www_domain_com acceleratedPort
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_port 0
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
##############################

--
Generation Libre
Information and mutual-help site for free software
http://www.generation-libre.com
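
Added example, not part of the original message: Squid checks http_access lines from top to bottom and stops at the first one that matches, so rule order decides what the deny lines actually protect. The script below runs that ordering check, plus a check for ACL names used before any acl line defines them, over the acl and http_access lines of the squid.conf posted above; the names audit, POSTED_CONF and CATCH_ALL are this example's own, and it assumes a catch-all ACL is one declared as src 0.0.0.0/0.0.0.0, 0.0.0.0/0 or all.

```python
# Added example: static check of http_access ordering (first match wins).
POSTED_CONF = """\
acl www_domaine_com dst 1.2.3.4
acl acceleratedPort port 80
http_access allow www_domain_com acceleratedPort
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
"""
# Assumption: these src values mark an ACL that matches every client.
CATCH_ALL = {"0.0.0.0/0.0.0.0", "0.0.0.0/0", "all"}

def audit(conf):
    acls, catch_all, findings, terminal = set(), set(), [], None
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.add(tok[1])
            if tok[2] == "src" and set(tok[3:]) & CATCH_ALL:
                catch_all.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rule = " ".join(tok[1:])
            if terminal:  # an earlier unconditional rule already decided
                findings.append((lineno, "unreachable", f"{rule!r} shadowed by {terminal!r}"))
            for name in tok[2:]:  # ACLs must be defined before they are used
                if name.lstrip("!") not in acls:
                    findings.append((lineno, "undefined-acl", name.lstrip("!")))
            if not terminal and len(tok) == 3 and tok[2] in catch_all:
                terminal = rule  # single catch-all ACL: matches every request
    return findings, terminal

if __name__ == "__main__":
    findings, terminal = audit(POSTED_CONF)
    print("first unconditional rule:", terminal)
    for lineno, kind, detail in findings:
        print(f"line {lineno}: {kind}: {detail}")
```

On the posted configuration it reports that http_access allow all comes before every deny rule, and that www_domain_com, Safe_ports and SSL_ports are referenced without a matching acl line. With httpd_accel_with_proxy on, an unconditional allow in that position leaves forward proxying open to any client.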
