On Saturday 11 August 2018 at 15:26:40, Amos Jeffries wrote:

> On 11/08/18 09:43, Antony Stone wrote:
> > On Friday 10 August 2018 at 20:13:06, erdosain9 wrote:
> >> Thanks to all!!
> >> Now is working fine.
> >>
> >> Just, one question to know... i make this accessible from the
> >> internet... so, i create some acl 0.0.0.0/0 and it's working.
>
> That is almost but deceptively not quite the same as "allow all".

Nice description :)

> >> But.. this is a security issue??? or it's ok declare that ACL.
> >
> > If you want everyone / anyone on the Internet to be able to get to your
> > servers, that is the obvious (and correct) ACL to use.
>
> No, sorry. It is not.
>
> The correct config is to use:
>
>   http_access allow foo
>
> Where "foo" is the same ACLs you use on cache_peer_access to determine
> which traffic goes to the peers.
>
> That way Squid is able to block random other domains that virus scans
> etc try to use to detect open proxies.

Hm, I had thought that since this Squid was only configured to be a reverse
proxy for the two servers under discussion, allowing access from anywhere
would still only offer those two destinations?

It wouldn't offer forward-proxy services with that configuration, surely?

Antony.

-- 
Wanted: telepath. You know where to apply.

Please reply to the list;
please *don't* CC me.
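
The configuration Amos describes, written out as an added example that is not part of the original thread: the ACLs that route traffic to each origin server are reused in `http_access`, with the source-address rule from the question shown commented out for comparison. The domains, peer names and addresses are placeholders, not values from the poster's setup.

```squidconf
# Added example: domains, peer names and addresses are placeholders.
http_port 80 accel vhost

# Origin servers behind the reverse proxy
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=web1
cache_peer 192.0.2.20 parent 80 0 no-query originserver name=web2

# One ACL per published site, matched on the requested domain
acl site1 dstdomain www.example.com
acl site2 dstdomain app.example.com

# Route each site to its own peer only
cache_peer_access web1 allow site1
cache_peer_access web1 deny all
cache_peer_access web2 allow site2
cache_peer_access web2 deny all

# Rule from the question: matches on client address only, so a request
# for any domain passes http_access
# acl everyone src 0.0.0.0/0
# http_access allow everyone

# As advised in the thread: reuse the cache_peer_access ACLs, so requests
# for domains that are not published are denied at http_access
http_access allow site1
http_access allow site2
http_access deny all
```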