Hi Andreas,
take a look:
1.
acl LAN 192.168.0.0/32
..
..
http_access allow LAN
http_access deny ALL
2. http_port SQUID-IP:3128
3. Example:
squid.conf:
cache_peer localhost parent 8899 0 no-query no-digest
havp.conf:
#Port
PORT 8899
--
Marcel
-Ursprüngliche Nachricht-
Von: Andreas Westvik [mailto:andr...@spbk.no]
Gesendet: Donnerstag, 14. Februar 2013 15:43
An: squid-users
Betreff: [squid-users] Securing squid3
Hi everybody
I have been running squid3 on my Debian squeeze on/off for a few weeks now.
And there is a few things Im not sure of
1. How can I be sure that Im running it securely? I really only want squid3 to
server my local clients (192.168.0.0/32).
2. Can I bind squid3 to only listen to any device/ip?
3. just for fun, I have setup havp on a different server. Is it possible to
send my http traffic to that server first? (havp runs on 192.168.0.24) Then
back to squid3?
As of now, I need to configure my clients to connect to that havp server, then
havp will send traffic back to squid. But I would like to happen with some
automatic iptables commands.
I have tried several iptables setup, but nothing will make this work. I cannot
for the life of me intercept the port 80 traffic, then redirect it to
192.168.0.24:3127
Like this: Client - Gw 192.168.0.1 - havp 192.168.0.24:3127 - squid3
192.168.0.1:3128 - internets
This is my setup:
http_port 3128 transparent
acl LAN src 192.168.0.0/32
acl localnet src 127.0.0.1/255.255.255.255 http_access allow LAN http_access
allow localnet cache_dir ufs /var/spool/squid3 5000 16 256
#Block
acl ads dstdom_regex -i /etc/squid3/squid.adservers
http_access deny ads
eth3: 192.168.0.1 (non-dhcp envirment)
eth4: wan official ip (non-dchp)
-Andreas