On 11/03/2021 15:50, Antony Stone wrote:
On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:
I tried to open squid with some special port other than the default 3128
port.
Obscurity is not equivalent to security.
But after a while I saw that my squid was being abused by unknown IP
addresses
I'm assuming this means your Squid proxy is accessible from the Internet.
Why?
My users access squid via the internet.
so I decided to password protect my squid so that only authorized
users could use it.
But it's pretty annoying for the users to enter user/password repeatedly.
What authentication method are you using? At the very least, a user should
not have to authenticate more than once per browser session - are they saying
that even that is excessive?
Yep.
Is there any other solution than password protection that only authorized
users can have access to my squid server?
Depends what "authorised" means. Can you define the network range they are
expected to come from, and restrict access only to those IPs?
This solution is least preferred because IPs range can by dynamically
change.
Tell about your network setup and what you are trying to achieve - we might be
able to suggest solutions.
End users machine using some client application while their system proxy
points to the above squid proxy server.
Antony.
Regards,
Ben
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users