Hello Charles, ----- Original Message ----- From: "Charles Steinkuehler" <[EMAIL PROTECTED]> To: "Victor Berdin" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 8:07 PM Subject: Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
> Victor Berdin wrote: > > <snip> > > > At present I'm scouring the net for info on how to go about with this. > > This is really embarassing as I had no idea that having an open proxy > > server is a no-no. (http://theproxyconnection.com/openproxy.html) > > But it is my requirement to allow EVERYBODY to be able to access > > my web server in the private net. > > Perhaps some more squid howto is the answer. But further tips on > > tightening a firewall is also very much welcome (TIA). > > If you *REALLY* want to do this using a proxy like squid, you need to > put appropriate access rules in place. > > Start by denying everything. > > Then enable access *ONLY* to your local web server for all IP's. > > Finally, you can enable general access for users on your local lan, if > necessary. > > I'm not a squid guru, but the info on setting this up should be in the > squid documentation and/or various HOWTOs. I suggest you start with the > access control section of the squid manual: > http://squid.visolve.com/squid24s1/access_controls.htm > > Looks like you can control access based on source IP, destination, and > protocol...everything you need to lock down the proxy to *JUST* allowing > access to your local server, rather than the internet in general. > > -- > Charles Steinkuehler > [EMAIL PROTECTED] But it is my requirement that I allow both public and private, directing them to a specific web server in my private net. I think I've got it with hints from Jaime. Need to test further though before raising it up again in the harsh public environment ;o) - Vic ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html