ACLs are available in squid; what you can do is set up an ACL to allow only
your network's IPs to connect to squid, and deny everything else,
like this:
acl all src 0.0.0.0/0.0.0.0
acl private_networks0 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
acl private_networks1 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
OTECTED]>; "'Debian Security'"
Sent: Tuesday, December 04, 2001 3:27 PM
Subject: RE: Squid security
> Another way to do it is to set up an automatic proxy script that tells the
> browser which port on the squid box to go to. Then you can periodically
> change the po
I tend to agree that filtering things at layer 3 and 4 is the best
policy (since I don't fully trust every program I run to filter
itself properly). However, if you are running a 2.4 kernel you will
need to investigate iptables rather than ipchains.
Another way to do it is to set up an automatic proxy script that tells the
browser which port on the squid box to go to. Then you can periodically
change the port. (Or you can just change to an obscure port and hope fewer
people find it).
-rishi
On Tue, 4 Dec 2001, Chris Harrison wrote
If the IP address was staying the same, you could easily add a reference
to /etc/hosts.deny. But since you state that this is not the case, it
will all be a little trickier. There is no relevance as to whether the
IP addresses can resolve into host names or not.
I would suggest that the best solut
> On another server, which I have squid running and want running, I keep
> getting accesses from http://service.bfast.com/bfast/serve and someone
> seems to be accessing web pages late at night when everyone has gone
> home. Trouble is, the IP addresses that access squid don't have host
> names (i
Hi,
> Trouble is, the IP addresses that access squid don't have host
> names (ie. they don't exist) and they keep changing. Is there any way
> to block access to this and is there a good FAQ, etc.
There is a good FAQ at /usr/doc/squid/FAQ.html (belongs to web/squid).
But you should not block the
16 matches