On Sat, 4 Jun 2005, Richard 'toast' Russo wrote:
I'm worried that by adding httpd_accel_with_proxy on, I may be opening my
servers up to proxy the world for everybody (especially if I don't write good
acls)
You should always write good ACLs.
httpd_accel_uses_host_header on
and
httpd_accel_with_proxy on
both opens up the reverse proxy allowing users to construct requests for
any site.
Setting up good ACLs isn't very hard. Start with the suggested default
squid.conf, and then insert where indicated something like the following
acl ourservers dstdomain names_of_accelerated_sites
acl port80 port 80
acl http protocol http
http_access allow http port80 ourservers
Regards
Henrik
