[squid-users] miconfigured proxy

From: Chrispen Chisvo <[email protected]>
Date: Wed, 21 May 2003 12:57:29 +0100

> Hi
>
> I have the following in the squid.conf
>
> #Defaults:
> acl all src 0.0.0.0/0.0.0.0 what does this mean?
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563 1214
> acl Safe_ports port 80 21 443 563 70 210 1025-65535 is this safe to keep?
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl mynet src 10.100.1.0/24 10.100.2.0/24 10.100.3.0/24 10.100.4.0/24
>
> # TAG: http_access
> # Allowing or Denying access based on defined access lists
> #
> # Access to the HTTP port:
> # http_access allow|deny [!]aclname ...
> #
> # Access to the ICP port:
> # icp_access allow|deny [!]aclname ...
> #
> # NOTE on default values:
> #
> # If there are no "access" lines present, the default is to allow
> # the request.
> #
> # If none of the "access" lines cause a match, the default is the
> # opposite of the last line in the list. If the last line was
> # deny, then the default is allow. Conversely, if the last line
> # is allow, the default will be deny. For these reasons, it is a
> # good idea to have an "deny all" or "allow all" entry at the end
> # of your access lists to avoid potential confusion.
> #
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow mynet
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access deny all but is still get machines not on my ip browsing through my proxy
>
> What can I do to secure my proxy.
>
> Also, I do not want my proxy to display its version, how can I do that?
>
> Thanks for your time in advance.
>
> Chris
 
The information in this mesage is confidential and is legally priviledged. It is intended solely for the addresse. Access to this message by anyone else is unauthorized.

If receiving in error please accept our apologies and notify the sender immediately. You must also delete the original message from your machine. If you are not the intended recipient, any use, disclosure, copying, distribution or action taken in reliance of it, is prohibited and may be unlawful.

The information, attachments, opinioins or advice contained in this email are not the views or opinions of Econet Wireless Nigeria Ltd., its subsidiaries or affiliates. Econet Wireless Nigeria Ltd. therefore accepts no liability for claims, losses, or damages arising from the inaccuracy, incorrectness, or lack of integrity of such information.
Received on Wed May 21 2003 - 05:59:31 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:49 MST