> First question - what are you aiming / hoping to achieve by implementing
> Squid?

1. Some ad blocking via an MVPS hosts file. I'm not trying for a perfect solution, some ad blocking is better than none.
2. Parental control abilities. I like that squid can serve a local webpage that can say, "Facebook is only allowed between X hours on X days" instead of giving an unreachable response.
3. Possible small improvements in page response times due to web caching and ad blocking.

> Second question - do you really give guests full access to your home
> network, rather than just "a gateway to the Internet with no visibility
> of my private machines"?

At the moment, yes. It's a work in progress. I can count on one hand the number of people I've allowed access to in the last year and my wifi is secured as best it can be. That said, I recognize that - as the saying goes - locks only keep good people out.

> data leaks
> cache poisoning
> message smuggling

I need to read up on cache poisoning, haven't heard of that one. Not sure what you mean by message smuggling. And yes, the data leaks was what I knew enough to be asking about. Specifically my concern is that someone could gain control of my server and install malware/trojan/worm/whatever. I'm not that good with Linux yet so I probably wouldn't even know where to begin looking for something like that, much less clean it off. And I would expect the malware/antivirus safeguards I have on my PCs would be less effective if there's a server on the same LAN possibly attacking them 24/7.

> The risk is relative to your overall network security design, and that
> should of course be considered before starting a proxy in any network
> more secure than what the default squid.conf allows.

<joke>
Well I'm sure my network is *less* secure than what the default squid.conf allows so no worries, eh?
</joke>

> If you want advice about specific features that is not mentioned in the
> relevant squid.conf directive docs or the wiki, feel free to ask. But
> security is a rather big topic so pardon if I don't try to brain-dump
> everything right here :-)

Understood. Antony was on the right track with asking about my objectives.

As far as non-standard squid config ... I really wish I could link you to the website I used as a template to add onto the default squid install. Normally I save the web link in the txt file with the notes I've made but I seem to have forgotten to save the link in this one. I've spent about the last 20 minutes searching but I can't find the page. There were a few things I added for rate limiting Windows update and allowing Youtube and cgi-bin pages to be cached, but the modifications shouldn't have affected permissions, etc. I don't think they would, but would've liked to have linked you to that page.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users