On mån, 2008-04-28 at 23:45 +0200, F. wrote:
> I am thinking about make a [transparent proxy + http accelerator +
> server] on the same machine.
> But I do not know if it is secure this configuration. 
> ->Lan to Internet: Transparent proxy using acl LAN, redirected port 80
> to squid port in firewall. Destination all.
> ->Intenet to Server. http accelerator. 80 to 3128 redirected on
> firewall. Destination only server domain names.

It's fine in 2.6 and later, but you need two different http_port for
this kind of setup. One for the proxy port, and one for the accelerator
port.

It's a little tricky to get the access controls right, but not too hard
if you are careful. And even if you do get things slightly wrong Squid
will not allow you to do very bad things unless you tell it that you
know what you are doing...

The configuration you suggested looks fine to me, but I would probably
switch the order somewhat to have the accelerated domains before your
local lan. When the configuration is as simple as you are doing now it
doesn't matter very much, but the day you start doing authentication for
your LAN clients etc things gets quite different...


Regards
Henrik

Reply via email to