Yes that should do it. But to let Squid do its job against DoS and such
security attacks ...

On 14/04/18 17:36, xpro6000 wrote:
> This should do it
> 

Move all these custom rules between here ...

> acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt"
> http_access allow Allowed_IPs
> 
> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> 
> acl ncsa_users proxy_auth REQUIRED
> http_access allow ncsa_users
> 

... and here.


> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager

... Down to this position after the recommended aka Best Practice)
security protections/rules.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to