
Re: Someone's using my cache?


 



lists@xxxxxxxxxxxx wrote:
 You definitely have a fully open proxy configured for anyone who can send
 packets to it. Also the firewall itself intercepts and sends stuff into
 the proxy.

Yes, I've not had much time to learn it yet, I just needed to get it running for a quick satellite demo so simply opened a port 80 hole in the firewall for traffic and created a basic config.
 http_access     allow accel_hosts
 http_access     allow manager localhost
 http_access     deny manager
 http_access     allow all
 The line above permits anyone who can send a packet to your proxy to use
 it as a relay for any purpose they like.
 The restrictions above it are not denying anything except cache_mgr://
 protocol. So there is no protection inside Squid.
 The default config is safe if you set localnet to your internal IPs only:

I actually need to allow public connections since we don't know which machines are actually connecting for the testing.
 http_access     allow all

I kind of figured that this might be a hole but I was not able to find out what I should build as a config in time. I needed and need to have this working as part of a demo, then later will have time to get back to it and learn more about it.
 What version of squid are you on?
 What's the purpose of these? and what traffic are they catching?
 http_port 80 transparent
 http_port 443 transparent

It's version 2.6.

With the tiny amount of knowledge I gathered up, I put a config together which would allow public connections to a server on the network. The trial was showing off a website which was designed for satellite users so we used the proxy to speed things up a bit.

The port 80/443 variables, I thought, were meant to allow traffic to come in on those ports but transparently since the users are any public user.

Mike


Ah. Gotcha. You are wanting a reverse proxy.

http://wiki.squid-cache.org/SquidFaq/ReverseProxy
contains a usable config for accelerating a hidden web server securely.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.2
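
Added example, not part of the original thread or of Squid itself: a small Python audit that evaluates the `http_access` lines quoted above the way Squid does (top to bottom, first match wins) and shows that an outside client asking for an unrelated site is relayed, while the same list ending in `deny all` still serves the accelerated site. The `acl` definitions, `www.example.com` and the sample requests are constructed assumptions, since the thread shows only the `http_access` lines; negated ACLs are not handled.

```python
import ipaddress

# Constructed ACL definitions: the thread shows only the http_access lines,
# so the acl lines (and www.example.com) are assumptions.
ACLS = """
acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/32
acl manager proto cache_object
acl accel_hosts dstdomain www.example.com
"""
POSTED = ACLS + """
http_access allow accel_hosts
http_access allow manager localhost
http_access deny manager
http_access allow all
"""
# Same rules with the final catch-all turned into a deny.
HARDENED = POSTED.replace("allow all", "deny all")

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"] and len(tok) >= 4:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"] and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, req):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v))
                   for v in values)
    if kind == "proto":
        return req["proto"] in values
    return False

def decide(conf, req):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], req) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
```

Calling `decide(POSTED, {"src": "203.0.113.7", "host": "unrelated.example.net", "proto": "http"})` returns `"allow"`, while the same request against `HARDENED` returns `"deny"`.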
