Search squid archive

Re: [squid-users] Accelerator and ICP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 4 Jun 2005, Richard 'toast' Russo wrote:

I'm worried that by adding httpd_accel_with_proxy on, I may be opening my servers up to proxy the world for everybody (especially if I don't write good acls)

You should always write good ACLs.

httpd_accel_uses_host_header on
and
httpd_accel_with_proxy on

both opens up the reverse proxy allowing users to construct requests for any site.


Setting up good ACLs isn't very hard. Start with the suggested default squid.conf, and then insert where indicated something like the following

acl ourservers dstdomain names_of_accelerated_sites
acl port80 port 80
acl http protocol http

http_access allow http port80 ourservers


Regards
Henrik

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux