On Saturday 11 August 2018 at 15:26:40, Amos Jeffries wrote:
> On 11/08/18 09:43, Antony Stone wrote:
> > On Friday 10 August 2018 at 20:13:06, erdosain9 wrote:
> >> Thanks to all!!
> >> Now is working fine.
> >>
> >> Just, one question to know... i make this accessible from the
> >> internet... so, i create some acl 0.0.0.0/0 and it's working.
>
> That is almost but deceptively not quite the same as "allow all".
Nice description :)
> >> But.. this is a security issue??? or it's ok declare that ACL.
> >
> > If you want everyone / anyone on the Intenet to be able to get to your
> > servers, that is the obvious (and correct) ACL to use.
>
> No, sorry. It is not.
>
> The correct config is to use:
>
> http_access allow foo
>
> Where "foo" is the same ACLs you use on cache_peer_access to determine
> which traffic goes to the peers.
>
> That way Squid is able to block random other domains that virus scans
> etc try to use to detect open proxies.
Hm, I had thought that since this Squid was only configured to be a reverse
proxy for the two servers under discussion, allowing access from anywhere
would still only offer those two destinations?
It wouldn't offer forward-proxy services with that configuration, surely?
Antony.
--
Wanted: telepath. You know where to apply.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
