Most vendors ship it with ACL's enabled, red hat for example has the comment to the effect of "add your network here" so you need to define the network and then create a rule to allow it (otherwise only localhost is allowed by default to use squid, reasonably safe). Can't automatically use http_port, I mean is 192.168.0.1 "outside", depending on your network it could be)? what about 2.3.4.5 or 5.6.7.8? An acceptable solution in my opinion. Plus some of us do allow the Internet at large to connect and use the proxy, once they've authenticated of course. Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.idefense.com/digest.html > I love Squid, and yes, default Squid configuration solves this problem... > But if you want a secure proxy, you have to change the parameter http_port > to listen only to your internal IP address!!! Default config is: > http_port 0.0.0.0 > so anyone from the internet can use your proxy (I fond a lot of server so > configured!!!!). Change it to > http_port 192.168.1.254 #private IP > > My 0.02... > > Tommaso Di Donato >
