[squid-users] Squid as reverse proxy for two or more webs

Antony Stone Antony.Stone at squid.open.source.it
Sat Aug 11 13:35:14 UTC 2018

On Saturday 11 August 2018 at 15:26:40, Amos Jeffries wrote:

> On 11/08/18 09:43, Antony Stone wrote:
> > On Friday 10 August 2018 at 20:13:06, erdosain9 wrote:
> >> Thanks to all!!
> >> Now is working fine.
> >> 
> >> Just, one question to know... i make this accessible from the
> >> internet... so, i create some acl and it's working.
> That is almost but deceptively not quite the same as "allow all".

Nice description :)

> >> But.. this is a security issue??? or it's ok declare that ACL.
> > 
> > If you want everyone / anyone on the Intenet to be able to get to your
> > servers, that is the obvious (and correct) ACL to use.
> No, sorry. It is not.
> The correct config is to use:
>  http_access allow foo
> Where "foo" is the same ACLs you use on cache_peer_access to determine
> which traffic goes to the peers.
> That way Squid is able to block random other domains that virus scans
> etc try to use to detect open proxies.

Hm, I had thought that since this Squid was only configured to be a reverse 
proxy for the two servers under discussion, allowing access from anywhere 
would still only offer those two destinations?

It wouldn't offer forward-proxy services with that configuration, surely?


Wanted: telepath.   You know where to apply.

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list