Re: UPDATE: [wcolburnat_private: SMTP relay through checkpoint firewall]

From: Tommaso Di Donato (t.didonatoat_private)
Date: Fri Feb 22 2002 - 08:27:44 PST


    >The authors of Squid sorted that problem out YEARS ago. The default ACLs
    >within Squid state:
    >
    >acl SSL_ports port 443 563
    ># Deny CONNECT to other than SSL ports
    >http_access deny CONNECT !SSL_ports
    >
    >i.e. you can only use the CONNECT proxy option for ports 443 and 563.
    >
    >I'm amazed this isn't the default in other products...
    
    I love Squid, and yes, default Squid configuration solves this problem...
    But if you want a secure proxy, you have to change the parameter http_port 
    to listen only to your internal IP address!!! Default config is:
    http_port 0.0.0.0
    so anyone from the internet can use your proxy (I found a lot of servers so 
    configured!!!!). Change it to
    http_port 192.168.1.254 #private IP
    
    My 0.02...
    
    Tommaso Di Donato
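
Added example, not part of the original message or of Squid itself: a small checker for the two settings discussed in this thread, the CONNECT restriction to SSL_ports and the http_port bind address. The sample configs, the port 3128 and the function name audit_squid_conf are assumptions made for illustration.

```python
# Constructed sample configs (not from the post); port 3128 is an assumed value.
EXPOSED = """\
http_port 3128
acl SSL_ports port 443 563
http_access allow all
"""
HARDENED = """\
http_port 192.168.1.254:3128   # private IP, as in the post
acl SSL_ports port 443 563
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""

WILDCARD_HOSTS = {"0.0.0.0", "[::]"}

def audit_squid_conf(text):
    """Return findings for the two settings discussed in the thread.

    Only the presence of the rules is checked; http_access ordering
    is not evaluated.
    """
    findings = []
    port_acls = set()            # names of ACLs of type "port"
    connect_restricted = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments
        if len(tokens) < 2:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "http_port":
            addr = args[0]
            host = addr.rpartition(":")[0] or addr
            # A bare port number or a wildcard host binds every interface.
            if addr.isdigit() or host in WILDCARD_HOSTS:
                findings.append(f"line {lineno}: http_port {addr} "
                                "accepts clients on every interface")
        elif directive == "acl" and len(args) >= 3 and args[1] == "port":
            port_acls.add(args[0])
        elif directive == "http_access" and args[:2] == ["deny", "CONNECT"]:
            if any(a[0] == "!" and a[1:] in port_acls for a in args[2:]):
                connect_restricted = True
    if not connect_restricted:
        findings.append("no 'http_access deny CONNECT !<port acl>' rule: "
                        "CONNECT is not limited to the SSL ports")
    return findings

if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit_squid_conf(conf) or "ok")
```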
    



    This archive was generated by hypermail 2b30 : Sat Feb 23 2002 - 04:08:33 PST