AW: [squid-users] Securing squid3

From: Fuhrmann, Marcel <Marcel.Fuhrmann_at_lux.ag>
Date: Thu, 14 Feb 2013 15:00:09 +0000

Hi Andreas,

take a look:

1.
acl LAN 192.168.0.0/32
..
..
http_access allow LAN
http_access deny ALL

2. http_port SQUID-IP:3128

3. Example:

squid.conf:
cache_peer localhost parent 8899 0 no-query no-digest

havp.conf:
#Port
PORT 8899

--
 Marcel
-----Ursprüngliche Nachricht-----
Von: Andreas Westvik [mailto:andreas_at_spbk.no] 
Gesendet: Donnerstag, 14. Februar 2013 15:43
An: squid-users
Betreff: [squid-users] Securing squid3 
Hi everybody
I have been running squid3 on my Debian squeeze on/off for a few weeks now. 
And there is a few things Im not sure of
1. How can I be sure that Im running it securely? I really only want squid3 to server my local clients (192.168.0.0/32). 
2. Can I bind squid3 to only listen to any device/ip?
3. just for fun, I have setup havp on a different server. Is it possible to send my http traffic to that server first? (havp runs on 192.168.0.24) Then back to squid3? 
As of now, I need to configure my clients to connect to that havp server, then havp will send traffic back to squid. But I would like to happen with some automatic iptables commands.
I have tried several iptables setup, but nothing will make this work. I cannot for the life of me intercept the port 80 traffic, then redirect it to 192.168.0.24:3127 
Like this: Client -> Gw 192.168.0.1 -> havp 192.168.0.24:3127 -> squid3 192.168.0.1:3128 -> internets
This is my setup:
http_port 3128 transparent
acl LAN src 192.168.0.0/32
acl localnet src 127.0.0.1/255.255.255.255 http_access allow LAN http_access allow localnet cache_dir ufs /var/spool/squid3 5000 16 256
#Block
acl ads dstdom_regex -i "/etc/squid3/squid.adservers"
http_access deny ads
eth3: 192.168.0.1 (non-dhcp envirment)
eth4: wan official ip (non-dchp)
-Andreas
Received on Thu Feb 14 2013 - 15:00:17 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 14 2013 - 12:00:05 MST