Search squid archive

Re: Re: squid3 block all 443 ports request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2014-02-14 05:27, Antony Stone wrote:
On Thursday 13 February 2014 at 16:19:16, khadmin wrote:

HI Antony,
Actually I'm trying to have something that works without any restrictions
or control.

You mean?
 http_access allow all

- does exactly what you just said. But is very insecure as it drops protection against attackers and the protocol smuggling vulnerabilities in HTTP. The below from Antony is best-practice advice:


Have you tried taking the competely default squid.conf, adding an acl for the source IP range of your network (see the example lines starting with "#acl localnet src"), and an http_access allow rule for that network range (see the
example line "#http_access allow localnet"), with no other changes?

That should do what you're trying to achieve.


Antony.

Note that the _documentation file_ you currently have is not actually the default config. Your Squid should have installed with a squid.conf.default file which is the actual default configuration for Squid. If that is missing for any reason the wiki release page contains a copy:
 http://wiki.squid-cache.org/Squid-3.3

Amos





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux