Re: Squid security

2001-12-04 Thread Ralf Dreibrodt
Hi, Trouble is, the IP addresses that access squid don't have host names (i.e. they don't exist) and they keep changing. Is there any way to block access to this and is there a good FAQ, etc. there is a good FAQ at /usr/doc/squid/FAQ.html (belongs to web/squid). But you should not block these

Re: Squid security

2001-12-04 Thread Ricardo B
msg.pgp Description: PGP message

Re: Re: Squid security

2001-12-04 Thread Phillip Hofmeister
I tend to agree that filtering things at layer 3 and 4 is the best policy (since I don't fully trust every program I run to filter itself properly). However, if you are running a 2.4 kernel you will need to investigate iptables rather than

Re: Squid security

2001-12-04 Thread Ian McDonald
Sent: Tuesday, December 04, 2001 3:27 PM Subject: RE: Squid security Another way to do it is set up an automatic proxy script that tells the browser which port on the squid box to go to. Then you can periodically change the port. (Or you can just change to an obscure port and hope less people find

RE: Squid security

2001-12-04 Thread Chris Massam
ACLs are available in squid; what you can do is set up an ACL to allow only your network's IPs to connect to squid, and deny everything else, like this:

    acl all src 0.0.0.0/0.0.0.0
    acl private_networks0 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
    acl private_networks1 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx

Re: Squid security

2001-12-04 Thread Rishi L Khan
On another server, which I have squid running and want running, I keep getting accesses from http://service.bfast.com/bfast/serve and someone seems to be accessing web pages late at night when everyone has gone home. Trouble is, the IP addresses that access squid don't have host names (i.e.

RE: Squid security

2001-12-04 Thread Rishi L Khan
Another way to do it is set up an automatic proxy script that tells the browser which port on the squid box to go to. Then you can periodically change the port. (Or you can just change to an obscure port and hope less people find it). -rishi On Tue, 4 Dec 2001, Chris Harrison
