Hello,
I am thinking about make a [transparent proxy + http accelerator +
server] on the same machine.
But I do not know if it is secure this configuration.
->Lan to Internet: Transparent proxy using acl LAN, redirected port 80
to squid port in firewall. Destination all.
->Intenet to Server. http accelerator. 80 to 3128 redirected on
firewall. Destination only server domain names.
It's secure?
Could work fine in the same machine http accelerator and transparent
proxy with the same squid server?
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl Safe_ports port 80 # http
> acl Safe_ports port 1025-65535 # unregistered ports
> acl CONNECT method CONNECT
> acl SSL_ports port 443
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> acl LAN src 192.168.1.0/24
> http_access allow LAN
>
> acl XENO dstdomain .my.server.com # Destination server from URL
> http_access allow XENO
> # Really I do not understand well how to make the union of two prerequisites, that should be:
> # (source all acl && dstdomain .my.server.com) to allow access from Internet to server.
>
> http_access allow localhost
> http_access deny all
-- -- Publicidad http://www.pas-world.comReceived on Mon Apr 28 2008 - 21:47:39 MDT
This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT