[squid-users] Protecting squid
ben.goz87 at gmail.com
Thu Mar 11 14:56:28 UTC 2021
On 11/03/2021 16:44, Amos Jeffries wrote:
> On 12/03/21 3:37 am, Ben Goz wrote:
>> On 11/03/2021 15:50, Antony Stone wrote:
>>> On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:
>>> Tell about your network setup and what you are trying to achieve -
>>> we might be
>>> able to suggest solutions.
>> End users machine using some client application while their system
>> proxy points to the above squid proxy server.
> Please also provide your squid.conf settings so we can check they
> achieve your described need(s) properly. At least any lines starting
> with the http_access, auth_param, acl, or external_acl_type directives
> would be most useful.
> Do not forget to anonymize sensitive details before posting. PLEASE do
> so in a way that we can tell whether a hidden value was correct for
> its usage, and whether any two hidden values are the same or different.
It's fork of default configuration with some changes.
# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
> squid-users mailing list
> squid-users at lists.squid-cache.org
More information about the squid-users