[squid-users] Any obvious security issues in my squid.conf?
j m
acctforjunk at yahoo.com
Mon May 29 22:05:40 UTC 2017
I will be remotely accessing squid 3.5 for general web usage, using an encrypted browser-to-proxy connection, and username/password authentication. I believe my config is reasonably secure as it's based off the default config, but I'm unsure of myself due to some confusion. Are there any glaring issues with what I have?
https_port PORTNUMBER cert=/etc/squid/squid.pem

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny all

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache deny all
access_log none
netdb_filename none