[squid-users] Protecting squid
Ben Goz
ben.goz87 at gmail.com
Thu Mar 11 14:37:26 UTC 2021
On 11/03/2021 15:50, Antony Stone wrote:
> On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:
>
>> I tried to open squid with some special port other than the default 3128
>> port.
> Obscurity is not equivalent to security.
>
>> But after a while I saw that my squid was being abused by unknown IP
>> addresses
> I'm assuming this means your Squid proxy is accessible from the Internet.
>
> Why?
My users access squid via the internet.
>
>> so I decided to password protect my squid so that only authorized
>> users could use it.
>> But it's pretty annoying for the users to enter user/password repeatedly.
> What authentication method are you using? At the very least, a user should
> not have to authenticate more than once per browser session - are they saying
> that even that is excessive?
Yep.
>
>> Is there any other solution than password protection that only authorized
>> users can have access to my squid server?
> Depends what "authorised" means. Can you define the network range they are
> expected to come from, and restrict access only to those IPs?
This solution is least preferred because IPs range can by dynamically
change.
>
> Tell about your network setup and what you are trying to achieve - we might be
> able to suggest solutions.
End users machine using some client application while their system proxy
points to the above squid proxy server.
>
>
> Antony.
>
Regards,
Ben
More information about the squid-users
mailing list