Javær wrote:
hi all,
i have squid 2.5 set up as a reverse proxy for our mail servers (to
avoid having to expose our mailservers to the outside world). squid is
acting only as a reverse proxy (accelerator), and I have
httpd_accel_with_proxy set to off.
does anyone have any advice or tips for creating the ACL's so that I
can avoid having our squid be used as an open proxy?
thanks so much!
acl mailhosts dstdomain .my.webmailserver.com # Could use a "dst" acl
with the IP address
acl mailhostPort port 80 # Assuming standard HTTP port here...
http_access allow mailhosts mailhostPort # Allow anyone to connect to
*.my.webmailserver.com on port 80
http_access deny all # Deny anything else
Additional rules needed to allow SSL connections.
Chris
