squid and its config, a question
bobc at sfcei.com
Tue Mar 23 12:37:30 PST 2004
I am looking to set up squid proxy for my lan, and think I have a
correct config to make sure the proxy is not open. I am asking the list
as opposed to the squid lists, as I prefer to ask the FBSD list first
when it is somewhat FBSD related. I will be running this on a FBSD 4.9
box. This box has two NICs in it, one connected to the router and one to
the lan.
After looking through the docs, I think I am correct in listing the
internal network 10.1.1.x 255.0.0.0 as such:
acl internal src 10.1.1.0/24
http_access deny !internal
I placed the above at the start of the file to jump right in and get this
set. And further into the squid.conf file the following:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 10.1.1.5/255.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
Here the squid server will be IP 10.1.1.5 255.0.0.0. I have no
references to localhost as 127.0.0.1, and no references to the external
IP in this file anywhere. I am assuming, perhaps incorrectly which is
often the case for me :-), that this should be sufficient and safe from
being open to the world.
Thank you very much for your time and patience with this. And yes I did
RTFM, but I want to be sure as sometimes the FM is beyond me.
--
Bob
"Play is the work of children. It's very serious stuff. And if it's
properly structured in a developmental program, children can blossom."
-Bob Keeshan aka `Captain Kangaroo'
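
Added example (not part of the original message and not Squid's own code): a small Python model of how Squid evaluates http_access lines, run against the rules quoted in the post. It assumes only the quoted lines are in effect, since any later http_access lines in the real squid.conf are not shown; the client addresses tested are constructed.

```python
import ipaddress

# Rules quoted in the post (only the lines that bear on source-address checks).
POSTED_RULES = """
acl internal src 10.1.1.0/24
http_access deny !internal
acl all src 0.0.0.0/0.0.0.0
acl localhost src 10.1.1.5/255.0.0.0
"""

def parse(conf):
    """Return (src ACLs by name, ordered http_access rules) from squid.conf text."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # strict=False masks off host bits, so 10.1.1.5/255.0.0.0 is
            # treated as 10.0.0.0/8 (assumption: Squid applies the mask too).
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client):
    """Model Squid's http_access decision for one client IP (src ACLs only)."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)

    def hit(name):
        negated = name.startswith("!")
        inside = any(ip in net for net in acls[name.lstrip("!")])
        return inside != negated

    # First matching line wins; every ACL named on a line must match (AND).
    for action, names in rules:
        if all(hit(n) for n in names):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    # Nothing matched: Squid applies the opposite of the last http_access line.
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for client in ("10.1.1.20", "10.2.3.4", "203.0.113.9"):
        print(client, decide(POSTED_RULES, client))
    print("localhost ACL covers:", parse(POSTED_RULES)[0]["localhost"])
```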