[squid-users] Newbie question, How to fully disable/disallow https?
Antony Stone
Antony.Stone at squid.open.source.it
Tue Jun 22 21:15:24 UTC 2021
On Tuesday 22 June 2021 at 23:13:19, Antony Stone wrote:
> On Tuesday 22 June 2021 at 23:05:20, Arctic5824 wrote:
> > On Tuesday, June 22nd, 2021 at 1:56 PM, Antony Stone wrote:
> > > Please do not test and report problems with one configuration, and then
> > > tell us you have a different one.
> >
> > Sorry, I shouldnt have done that.
> > my config(but the only change is allowing all instead of localhost):
> > https://paste.gg/p/anonymous/e660bab698224e1aa1fd320b1bf22081
>
> So, as Alex already said, the lines:
>
> http_access allow all
> http_access deny CONNECT
>
> mean that anyone, from anyway, can connect. That's it.
Correction: "anyone, from anywhere". That means anywhere on the planet.
Please turn this off now.
> I recommend you turn this off now and hope your ISP doesn't block you for
> running an open proxy.
>
> > here is a snippet (as the file is very large due,i can send full if you
> > would like) of the acces log when I was doing testing:
> > https://termbin.com/vj7t
>
> No, please send us *only* the lines relating to a _single_ request which
> you think should have been blocked.
>
> > the ip i tested from was 73.189.239.235
>
> What!?
>
> That is not even one of your listed IP addresses.
>
> Are you *really* running an open proxy on the Internet!?
>
> Please turn it off _now_ until you understand the advice Alex and I are
> giving you, and you understand the default settings in the standard Squid
> configuration file, some of which you have changed.
>
>
> Antony.
--
Perfection in design is achieved not when there is nothing left to add, but
rather when there is nothing left to take away.
- Antoine de Saint-Exupery
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list