Search squid archive

Re: [RFC] Changes to http_access defaults

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alex Rousskov wrote
> On 04/13/2017 10:39 AM, Alex Rousskov wrote:
> 
>> The "many folks misconfigure access rules" problem may not have a
>> good solution (under Squid control); we should be careful not to make
>> things worse while not solving the unsolvable problem.
> 
> 
> Here is an alternative idea: Instead of adding default http_access rules
> inside Squid, add an optional squid.conf lint/checker. For many
> configurations, especially the simple ones used by new Squid admins, it
> is fairly easy to _automatically_ check whether these default rules are
> violated.
> 
> If these rules are violated, Squid will log a startup warning like this:
> 
>   WARNING: Your http_access rules allow CONNECT to unsafe port XXX.
>   More info at http://...?warning=xyz&port=XXX.
> 
> The URL will detail the dangers and also explain how to disable this
> specific warning or linting as a whole.
> 
> I can discuss/detail this further if there is consensus that automated
> checking is overall better than built-in http_access defaults.
> Unfortunately, I do not have the time to volunteer an implementation.
> 
> 
> HTH,
> 
> Alex.
> 
> _______________________________________________
> squid-users mailing list

> squid-users@.squid-cache

> http://lists.squid-cache.org/listinfo/squid-users

agreed on the warning part only  :)
 as yuri said --> System administrator should have possibility to override
ANY default.
{ANY == ANY}



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/RFC-Changes-to-http-access-defaults-tp4682073p4682087.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux