
Re: Someone's using my cache?


> You definitely have a fully open proxy configured for anyone who can send
> packets to it. Also the firewall itself intercepts and sends stuff into
> the proxy.

Yes, I've not had much time to learn it yet. I just needed to get it running for a quick satellite demo, so I simply opened a port 80 hole in the firewall for traffic and created a basic config.
 
>> http_access     allow accel_hosts
>> http_access     allow manager localhost
>> http_access     deny manager
>> http_access     allow all
>
> The line above permits anyone who can send a packet to your proxy to use
> it as a relay for any purpose they like.
> The restrictions above it are not denying anything except cache_mgr://
> protocol. So there is no protection inside Squid.
> The default config is safe if you set localnet to your internal IPs only:

I actually need to allow public connections since we don't know which machines are actually connecting for the testing. 

>> http_access     allow all

I kind of figured that this might be a hole but I was not able to find out what I should build as a config in time. I needed and need to have this working as part of a demo, then later will have time to get back to it and learn more about it.
 
> What version of squid are you on?
> What's the purpose of these? And what traffic are they catching?
> http_port 80 transparent
> http_port 443 transparent

It's version 2.6.

With the tiny amount of knowledge I gathered up, I put a config together which would allow public connections to a server on the network. The trial was showing off a website which was designed for satellite users so we used the proxy to speed things up a bit.

The port 80/443 variables, I thought, were meant to allow traffic to come in on those ports but transparently since the users are any public user.

Mike
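
The first-match behaviour discussed in the quoted reply can be checked mechanically. The following is an added example, not part of the original message or of Squid itself: a small Python audit of `http_access` ordering, run over the four rules quoted in the thread. The function names are hypothetical, and it assumes the `all` ACL matches every source address.

```python
# Constructed sample: the four http_access lines quoted in the thread.
QUOTED_RULES = """\
http_access     allow accel_hosts
http_access     allow manager localhost
http_access     deny manager
http_access     allow all
"""

def parse_http_access(conf_text):
    """Return (line_number, action, acl_names) for each http_access line."""
    rules = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if (len(parts) >= 3 and parts[0] == "http_access"
                and parts[1] in ("allow", "deny")):
            rules.append((number, parts[1], parts[2:]))
    return rules

def audit_http_access(conf_text):
    """Report rules that leave the proxy usable by any client.

    Squid checks http_access lines top to bottom and stops at the first
    line whose ACLs all match. Assumption: 'all' matches every source.
    """
    rules = parse_http_access(conf_text)
    if not rules:
        return []
    for number, action, acls in rules:
        if acls == ["all"]:
            if action == "allow":
                return [(number, "allow all: every client not denied "
                                 "earlier is permitted")]
            return []  # a 'deny all' catch-all closes the list
    # No catch-all: Squid applies the opposite of the last rule's action.
    number, action, _ = rules[-1]
    if action == "deny":
        return [(number, "no catch-all; unmatched requests default to allow")]
    return []

if __name__ == "__main__":
    for number, message in audit_http_access(QUOTED_RULES):
        print(f"line {number}: {message}")
```
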


