That's majorly overkill when there's access controls in squid itself. Why take a sledgehammer to break a nut.
-- ian ----- Original Message ----- From: "Rishi L Khan" <[EMAIL PROTECTED]> To: "Chris Harrison" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; "'Debian Security'" <debian-security@lists.debian.org> Sent: Tuesday, December 04, 2001 3:27 PM Subject: RE: Squid security > Another way to do it is setup an automatic proxy script that tells the > browser which port on the squid box to go to. Then you can periodically > change the port. (Or you can just change to an obscure port and hope less > people find it). > > -rishi > > On Tue, 4 Dec 2001, Chris Harrison wrote: > > > If the IP address was staying the same, you could easily add a reference > > to /etc/hosts.deny But since you state that this is not the case it > > will all be a little trickier. There is no relevance as to whether the > > IP addresses can resolve into host names or not. > > > > I would suggest that the best solution would be to firewall off the > > ports that squid uses on your box from unauthorized users. How you go > > about this is dependent on what kernel you are using and where your > > firewall is. If you need squid to be accessible from the outside world, > > you may want to consider adding authentication to squid to stop random > > hippies using your squid/bandwidth instead. I believe this is made > > possible through ACL (Access control Lists) in the most part. Looking > > through /etc/squid.conf here shows me that you can make ACL's to limit > > access to certain IP's by the time of day etc. > > There is a setting called authenticate_program in my squid.conf file. > > What it does is supply the authenticate program and a password list for > > all the valid users. > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, 5 December 2001 12:21 PM > > To: Debian Security > > Subject: Squid security > > > > Recently, I had someone trying to browse the web from one of our servers > > via squid. Luckily, I didn't need squid for this machine, so I took it > > off and emailed the hostmaster of the domain the person was doing it > > from..luckily the IP address was the same. i also managed to get the > > IP address blocked by our ISP. > > > > On another server, which I have squid running and want running, I keep > > getting accesses from http://service.bfast.com/bfast/serve and someone > > seems to be accessing web pages late at night when everyone has gone > > home. Trouble is, the IP addresses that access squid don't have host > > names (ie. they don't exist) and they keep changing. Is there any way > > to block access to this and is there a good FAQ, etc. > > > > It seems strange though, as the access is every few minutes and the > > pages accessed have ads involved,while the first person (above) was > > accessing squid regularly in spurts. > > > > > > Thanks > > > > Robert.. > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
