ACLs are available in squid. What you can do is set up an ACL to allow only your networks' IPs to connect to squid, and deny everything else.
Like this:

acl all src 0.0.0.0/0.0.0.0
acl private_networks0 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
acl private_networks1 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx

and then,

http_access allow private_networks0
http_access allow private_networks1
http_access deny all

Pretty similar to a firewall rule setup. Another security measure you can take is, if your squid proxy has multiple interfaces, like one public and one private, you can set the tcp_incoming_address and tcp_outgoing_address - this means squid won't actually listen on the external address, but will use it for external connections.

Hope this is of assistance.

Regards
Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 5 December 2001 17:21
To: Debian Security
Subject: Squid security

Recently, I had someone trying to browse the web from one of our servers via squid. Luckily, I didn't need squid for this machine, so I took it off and emailed the hostmaster of the domain the person was doing it from... luckily the IP address was the same. I also managed to get the IP address blocked by our ISP.

On another server, which I have squid running and want running, I keep getting accesses from http://service.bfast.com/bfast/serve and someone seems to be accessing web pages late at night when everyone has gone home. Trouble is, the IP addresses that access squid don't have host names (i.e. they don't exist) and they keep changing.

Is there any way to block access to this and is there a good FAQ, etc.? It seems strange though, as the access is every few minutes and the pages accessed have ads involved, while the first person (above) was accessing squid regularly in spurts.

Thanks
Robert
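
Added example, not part of either message in this thread: a Python check that reads Squid's native access.log and lists clients outside the networks the http_access allow rules are meant to cover, separating requests Squid served from requests it denied. The network ranges and log lines are constructed, and the default native log format is assumed.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-ins for the networks named in the http_access allow rules.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1007533260.101    120 192.168.1.20 TCP_MISS/200 4512 GET http://www.example.org/ - DIRECT/192.0.2.80 text/html
1007533275.440     95 203.0.113.5 TCP_MISS/200 1830 GET http://ads.example.net/serve - DIRECT/192.0.2.81 text/html
1007533580.902     88 198.51.100.7 TCP_MISS/200 1830 GET http://ads.example.net/serve - DIRECT/192.0.2.81 text/html
1007533901.007      2 203.0.113.5 TCP_DENIED/403 1045 GET http://ads.example.net/serve - NONE/- text/html
this line is truncated
"""

def is_allowed(client):
    """True if the client address falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in ALLOWED_NETWORKS)

def audit(lines):
    """Return {client: {"served": n, "denied": n}} for clients outside ALLOWED_NETWORKS."""
    outside = defaultdict(lambda: {"served": 0, "denied": 0})
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        client, action = fields[2], fields[3]
        try:
            if is_allowed(client):
                continue
        except ValueError:
            continue  # client field is not an IP address
        bucket = "denied" if action.startswith("TCP_DENIED") else "served"
        outside[client][bucket] += 1
    return dict(outside)

def open_proxy_clients(report):
    """Outside clients that got at least one request served: the ACL is not stopping them."""
    return sorted(c for c, n in report.items() if n["served"] > 0)

if __name__ == "__main__":
    report = audit(SAMPLE_LOG.splitlines())
    for client, counts in sorted(report.items()):
        print(client, counts)
    print("served despite being outside the allowed networks:", open_proxy_clients(report))
```

Once the deny rule is in place, outside clients should only ever appear in the "denied" column; any new "served" count for them means the rules are not being applied as intended.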