[squid-users] Protecting squid

Antony Stone Antony.Stone at squid.open.source.it
Thu Mar 11 13:50:24 UTC 2021


On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:

> I tried to open squid with some special port other than the default 3128
> port.

Obscurity is not equivalent to security.

> But after a while I saw that my squid was being abused by unknown IP
> addresses

I'm assuming this means your Squid proxy is accessible from the Internet.

Why?

> so I decided to password protect my squid so that only authorized
> users could use it.
> But it's pretty annoying for the users to enter user/password repeatedly.

What authentication method are you using?  At the very least, a user should 
not have to authenticate more than once per browser session - are they saying 
that even that is excessive?

> Is there any other solution than password protection that only authorized
> users can have access to my squid server?

Depends what "authorised" means.  Can you define the network range they are 
expected to come from, and restrict access only to those IPs?

Tell about your network setup and what you are trying to achieve - we might be 
able to suggest solutions.


Antony.

-- 
The best time to plant a tree is 20 years ago.
The second best time is now.

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list