Re: some thoughts

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 11 Nov 2002 22:06:02 +0100

On Monday 11 November 2002 23.29, Joey Coco wrote:
> On Mon, 11 Nov 2002, Henrik Nordstrom wrote:
> > On Monday 11 November 2002 16.42, Robert Collins wrote:
> > > On startup run acl tests for :
> > > open proxy config
> > > smtp open relay config
> > > CONNECT to port 80 config
> > > and error for the first two, warn for the third.
> >
> > Good ideas, but I think these should only be loud warnings, not
> > errors.
>
> Hello,
>
> Not everyone wishes to rely on squid's ACL's for access control. My
> proxy's are configured "wide open", but I do all my restrictions
> with firewalling. I'd rather drop or deny packets, use squid block
> it.

So your are also firewalling what Squid may connect to, not only who
may connect to Squid?

Some of the above issues is insane configurations allowing your users
to abuse the proxy for things it is never intended to be used for,
such as connecting to SMTP servers by sending a request for
http://some.smtp.server:25/...

Regards
Henrik
Received on Mon Nov 11 2002 - 14:06:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:41 MST