Hi,
Trouble is, the IP addresses that access squid don't have host
names (ie. they don't exist) and they keep changing. Is there any way
to block access to this and is there a good FAQ, etc.
there is a good FAQ at /usr/doc/squid/FAQ.html (belongs to web/squid).
But you should not block these
On another server, which I have squid running and want running, I keep
getting accesses from http://service.bfast.com/bfast/serve and someone
seems to be accessing web pages late at night when everyone has gone
home. Trouble is, the IP addresses that access squid don't have host
names (ie.
Another way to do it is to set up an automatic proxy script that tells the
browser which port on the squid box to go to. Then you can periodically
change the port. (Or you can just change to an obscure port and hope less
people find it).
-rishi
On Tue, 4 Dec 2001, Chris Harrison
I tend to agree that filtering things at layer 3 and 4 is the best
policy (since I don't fully trust every program I run to filter
itself properly). However, if you are running a 2.4 kernel you will
need to investigate iptables rather than
Sent: Tuesday, December 04, 2001 3:27 PM
Subject: RE: Squid security
Another way to do it is to set up an automatic proxy script that tells the
browser which port on the squid box to go to. Then you can periodically
change the port. (Or you can just change to an obscure port and hope less
people
ACLs are available in squid; what you can do is set up an ACL to allow only
your network's IPs to connect to squid, and deny everything else,
like this:
acl all src 0.0.0.0/0.0.0.0
acl private_networks0 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
acl private_networks1 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx