[squid-users] Squid as reverse proxy for two or more webs
squid3 at treenet.co.nz
Sat Aug 11 13:26:40 UTC 2018
On 11/08/18 09:43, Antony Stone wrote:
> On Friday 10 August 2018 at 20:13:06, erdosain9 wrote:
>> Thanks to all!!
>> Now is working fine.
>> Just, one question to know... i make this accessible from the internet...
>> so, i create some acl 0.0.0.0/0 and it's working.
That is almost but deceptively not quite the same as "allow all".
>> But.. this is a security issue??? or it's ok declare that ACL.
> If you want everyone / anyone on the Intenet to be able to get to your
> servers, that is the obvious (and correct) ACL to use.
No, sorry. It is not.
The correct config is to use:
http_access allow foo
Where "foo" is the same ACLs you use on cache_peer_access to determine
which traffic goes to the peers.
That way Squid is able to block random other domains that virus scans
etc try to use to detect open proxies.
More information about the squid-users