I will be remotely accessing squid 3.5 for general web usage, using an 
encrypted browser-to-proxy connection, and username/password authentication.  I 
believe my config is reasonably secure as it's based off the default config, 
but I'm unsure of myself due to some confusion.  Are there any glaring issues 
with what I have?

https_port PORTNUMBER cert=/etc/squid/squid.pem

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny all
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
cache deny all
access_log none
netdb_filename none
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
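
An added example, not part of the original post: a small model of how Squid walks the http_access rules above (top to bottom, first matching line wins, ACLs on one line ANDed, repeated acl lines ORed), useful for checking what a given request would hit. The function names, the user "alice" and the sample requests are assumptions made for illustration; only port, method and proxy_auth ACLs are modelled.

```python
# Constructed subset of the posted config: port/method/auth ACLs and the http_access rules.
CONF = """\
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access allow ncsa_users
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            # Repeated "acl NAME ..." lines accumulate values (logical OR).
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, req):
    if name == "all":
        return True
    kind, vals = acls.get(name, (None, []))
    if kind == "port":
        return any(int(v.split("-")[0]) <= req["port"] <= int(v.split("-")[-1]) for v in vals)
    if kind == "method":
        return req["method"] in vals
    if kind == "proxy_auth":
        # Real Squid answers 407 to ask for credentials; modelled here as "no match".
        return req["user"] is not None
    return False  # built-in "manager" and other ACL types are not modelled

def evaluate(conf, req):
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        # Every ACL on the line must match (AND); a leading "!" negates.
        if all(matches(acls, a.lstrip("!"), req) != a.startswith("!") for a in names):
            return action, n
    return "deny", None  # not reached here: the final "deny all" matches everything

if __name__ == "__main__":
    print(evaluate(CONF, {"method": "CONNECT", "port": 8443, "user": "alice"}))
```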
