Go Wow wrote:
so what according to you should be my edited squid.conf? and thanks
for those great inputs.
That depends on which of my points (which you have now elided) you want
to use.
My version of that would look like:
# Unacceptable users netblocks
http_access deny !home_network
http_access deny lpo_network
# cache-management
http_access allow manager localhost
http_access deny manager
# Unacceptable port usage
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Whitelist for the following blocks.
acl GoodSites dstdomain "okay-sites.txt" # gmail google.com etc.
acl GoodSites_reg uri_regex -i "okay-words.txt"
http_access allow GoodSites
http_access allow GoodSites_reg
# Unacceptable websites
acl BadSites dstdomain "bad-sites.txt" # porn.com etc.
acl BadSites_reg uri_regex -i "bad-words.txt" # 'excrement' etc.
http_access deny BadSites
http_access deny BadSites_reg
# Acceptable users
http_access allow home_network
# global safety-net.
http_access deny all
Ideally the files and *_reg lists would be empty or missing, but thats a
decision only you can make.
Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
