On 2014-02-14 05:27, Antony Stone wrote:
On Thursday 13 February 2014 at 16:19:16, khadmin wrote:
HI Antony,
Actually I'm trying to have something that works without any
restrictions
or control.
You mean?
http_access allow all
- does exactly what you just said. But is very insecure as it drops
protection against attackers and the protocol smuggling vulnerabilities
in HTTP. The below from Antony is best-practice advice:
Have you tried taking the competely default squid.conf, adding an acl
for the
source IP range of your network (see the example lines starting with
"#acl
localnet src"), and an http_access allow rule for that network range
(see the
example line "#http_access allow localnet"), with no other changes?
That should do what you're trying to achieve.
Antony.
Note that the _documentation file_ you currently have is not actually
the default config. Your Squid should have installed with a
squid.conf.default file which is the actual default configuration for
Squid. If that is missing for any reason the wiki release page contains
a copy:
http://wiki.squid-cache.org/Squid-3.3
Amos