[squid-users] Any obvious security issues in my squid.conf?

j m acctforjunk at yahoo.com
Mon May 29 22:05:40 UTC 2017


I will be remotely accessing squid 3.5 for general web usage, using an encrypted browser-to-proxy connection, and username/password authentication.  I believe my config is reasonably secure as it's based off the default config, but I'm unsure of myself due to some confusion.  Are there any glaring issues with what I have?

https_port PORTNUMBER cert=/etc/squid/squid.pem

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny all
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
cache deny all
access_log none
netdb_filename none