[squid-users] Do I need to be technical to use squid proxy?

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Aug 16 07:22:54 UTC 2018


>On Wednesday 15 August 2018 at 21:09:57, Oldman wrote:
>> I won't change any thing unless I am sure here.

On 15.08.18 21:20, Antony Stone wrote:
>Well, you've certainly changed quite a lot of the standard config in the file
>you showed us earlier.

>> What was dangerous ?  Did you mean I could be hacked with that
>> configuration file?

>I seriously doubt you can be "hacked" (whatever you specifically mean by that)
>but only because you are running the Squid proxy on a domestic network and it
>is therefore almost certainly unreachable from the Internet.

in which case I ask if you (OP, Oldman) are really sure that your proxy is
not accessible from the internet.

Otherwise, any weak password in /etc/squid/passwd can be guessed by
attackers and your squid could be abused.

>However, defining "safe ports" to be "any port at all" means your proxy can be
>used for quite a number of protocols other than HTTP/S (for example, SMTP) and
>since this is almost certainly not what you want this proxy to be (ab)used
>for, you should stick the the default definition of safe ports which is
>designed to prevent this sort of abuse.
>
>Just out of interest, what made you make the changes you did to the standard
>config?

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...


More information about the squid-users mailing list