On Fri, 22 May 2015 23:26:13 +1200 Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

> Without NextProxy is correct if ziproxy is on the "outside" of Squid.
> Like so:
>
>   client -> Squid -> ziproxy -> Internet

In my browser I speak only with Squid; the rest is done by Squid, I hope. I use ziproxy to compress the traffic, but from what I saw the rate is not really much.

http://silviosiefke.de/squid/zip.html

> If you set ziproxy to pass *requests* to Squid, the traffic will
> enter a loop:
>   client -> Squid -> ziproxy -> Squid -> ziproxy -> ...

client > squid > ziproxy > squid > client

That is my plan.

> In your squid.conf all traffic requires authenticating. Nothing is
> allowed through without it. Although anything from localhost is
> allowed to send wrong credentials and get through :-( .

localhost should work without authenticating. I think this is the reason why NextProxy in ziproxy.conf does not work correctly.

> - "deny ads" is not useful like this, anything getting to that check
> will also be blocked by the "deny all" which follows it and is a
> faster check.
>
> - also missing the basic HTTP abuse and DoS security protections.
>
> To let localhost I would write them like this:
>
>  # basic security protections.
>  # To let special ports through; check carefully it's not abuse
>  # then adjust Safe_ports and SSL_ports appropriately
>  http_access deny !Safe_ports
>  http_access deny CONNECT !SSL_Ports
>
>  # To use the deny ads ACL it would go here in the ordering,
>  # before the allow rules.
>  http_access deny ads
>
>  # localhost does not require authentication
>  http_access allow localhost
>
>  # manager access only permitted from localhost
>  http_access deny !localhost manager
>
>  # anyone with valid auth credentials is allowed
>  http_access allow checkpw
>
>  http_access deny all
>
>
> You will need to re-add the CONNECT, Safe_ports and SSL_Ports ACL
> definitions from the default config.

Okay, thank you. I'm ashamed, but I really had not understood what SSL ports mean; now I understand more.

> You don't really need to exempt localhost from authentication. But that
> is your choice.

Only connections over port 15000 need authentication, because that is external, and it would be best if only my login works there. Localhost should work without any limitation.

Thank you very much & nice day,
Silvio
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
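
Added example, not part of the original message and not Squid's own code: a small Python model of how the quoted http_access lines are evaluated (ACLs on a line are ANDed, the first matching line decides), showing why "deny ads" has to come before the allow rules. The ACL definitions, the sample requests, the ADS_LAST ordering and the reduction of checkpw to a valid-login flag are assumptions made for the illustration.

```python
# Toy model of Squid's http_access evaluation: ACLs on one line are ANDed,
# "!" negates an ACL, and the first line that matches decides the request.
RULES = [  # order as quoted in the message above
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_Ports"]),
    ("deny", ["ads"]),
    ("allow", ["localhost"]),
    ("deny", ["!localhost", "manager"]),
    ("allow", ["checkpw"]),
    ("deny", ["all"]),
]
# Assumed variant: "deny ads" placed just before "deny all", as criticised above.
ADS_LAST = [r for r in RULES if r[1] != ["ads"]]
ADS_LAST.insert(-1, ("deny", ["ads"]))

# ACL definitions are assumptions: port lists follow Squid's default config,
# the ads domain is constructed, "checkpw" is reduced to a valid-login flag.
ACLS = {
    "Safe_ports": lambda r: r["port"] in {21, 70, 80, 210, 280, 443, 488, 591, 777}
    or 1025 <= r["port"] <= 65535,
    "SSL_Ports": lambda r: r["port"] == 443,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "ads": lambda r: r["host"].endswith(".ads.example"),
    "localhost": lambda r: r["src"] in ("127.0.0.1", "::1"),
    "manager": lambda r: r.get("manager", False),
    "checkpw": lambda r: r.get("auth_ok", False),
    "all": lambda r: True,
}


def http_access(request, rules=RULES):
    """Return (action, index of the deciding rule) for one request."""
    for index, (action, acls) in enumerate(rules):
        if all(ACLS[a.lstrip("!")](request) != a.startswith("!") for a in acls):
            return action, index
    raise ValueError("no rule matched; rule list lacks a final catch-all")


def req(src, host="www.example.org", port=80, method="GET", **flags):
    """Build a constructed sample request."""
    return dict(src=src, host=host, port=port, method=method, **flags)


if __name__ == "__main__":
    ads = req("203.0.113.7", host="cdn.ads.example", auth_ok=True)
    print("ads first:", http_access(ads), "ads last:", http_access(ads, ADS_LAST))
    print("localhost, no login:", http_access(req("127.0.0.1")))
```

With "deny ads" last, a logged-in client is accepted by "allow checkpw" before the ads rule is ever consulted, and a client without a login would have been refused by "deny all" anyway.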