> >> http_access allow accel_hosts > >> http_access allow manager localhost > >> http_access deny manager > >> http_access allow all > >> > > The line above permits anyone who can send a packet to your proxy to use > > it as a relay for any purpose they like. > > The restrictions above it are not denying anything except cache_mgr:// > > protocol. So there is no protection inside Squid. > > The default config is safe if you set localnet to you internal IPs only: On 11.11.08 19:57, lists@xxxxxxxxxxxx wrote: > I actually need to allow public connections since we don't know which > machines are actually connecting for the testing. in such case you should restrict destinations only to your servers. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside...