[squid-users] Protecting squid

Ben Goz ben.goz87 at gmail.com
Thu Mar 11 14:56:28 UTC 2021

On 11/03/2021 16:44, Amos Jeffries wrote:
> On 12/03/21 3:37 am, Ben Goz wrote:
>> On 11/03/2021 15:50, Antony Stone wrote:
>>> On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:
>>> Tell about your network setup and what you are trying to achieve - 
>>> we might be
>>> able to suggest solutions.
>> End users machine using some client application while their system 
>> proxy points to the above squid proxy server.
> Please also provide your squid.conf settings so we can check they 
> achieve your described need(s) properly. At least any lines starting 
> with the http_access, auth_param, acl, or external_acl_type directives 
> would be most useful.
> Do not forget to anonymize sensitive details before posting. PLEASE do 
> so in a way that we can tell whether a hidden value was correct for 
> its usage, and whether any two hidden values are the same or different.

It's fork of default configuration with some changes.

# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

http_access allow localnet
http_access allow localhost

auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth 
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list