<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">This is my squid config file :</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">------------------------------------------</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">http_port 3129 intercept<br>https_port 3131 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \<br>    generate-host-certificates=off dynamic_cert_mem_cache_size=2MB<br>## For Captive Portal    <br>http_port 3132 intercept <br>https_port 3133 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \<br>    generate-host-certificates=off dynamic_cert_mem_cache_size=1MB<br><br>#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB<br>#sslcrtd_children 5<br><br># TLS/SSL bumping definitions<br>acl tls_s1_connect at_step SslBump1<br>acl tls_s2_client_hello at_step SslBump2<br>acl tls_s3_server_hello at_step SslBump3<br><br># TLS/SSL bumping steps<br>ssl_bump peek tls_s1_connect all # peek at TLS/SSL connect data<br>ssl_bump splice all # splice: no active bumping<br>on_unsupported_protocol tunnel all<br><br>pinger_enable off <br>digest_generation off <br>netdb_filename none <br>ipcache_size 128 <br>fqdncache_size 128 <br>via off<br>forwarded_for transparent<br>httpd_suppress_version_string on <br>cache deny all <br>cache_mem 0 MB<br>memory_pools off<br>shutdown_lifetime 0 seconds<br><br>#logfile_daemon /dev/null<br>access_log none<br><br>#acl good_url dstdomain .<a href="http://yahoo.com">yahoo.com</a><br>http_access allow all<br><br>url_rewrite_program /tmp/squid/urlcat_server_start.sh<br>#url_rewrite_bypass on<br>url_rewrite_children 1 startup=1 idle=1 concurrency=30 queue-size=10000 on-persistent-overload=ERR<br>#url_rewrite_access allow all<br>#url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""<br>url_rewrite_extras "%>a %lp %ssl::>sni"<br><br>max_filedesc 5120<br>coredump_dir /tmp<br>client_lifetime 30 minutes<br>read_ahead_gap 8 KB<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">-------------------------------</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">--> I have installed squid in a wifi access point which will in many cases behave as an edge gateway as well.. So basically it itself is the firewall. There is nothing in front to protect it.</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">--> There are 4 ports that are opened.. If someone decides to do a DDOS attack on them, what options do I have to protect against them.</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">--<div>Thank You</div><div>Chirayu Patel</div><div>Truecom Telesoft </div><div>+91 8758484287</div><div><br></div><div><br></div></div></div></div></div>