
Thursday, March 20, 2014

Configuring Squid to use different internet links

Squid is a powerful and fast object cache server. It proxies FTP and WWW sessions, making it relatively safe. Squid would be very hard to use to actually compromise the system, and it runs as a non-root user (typically 'nobody'), so generally it's not much to worry about. Your main worry with Squid should be improper configuration. For example, if Squid is connected to both your internal network (as is usually the case) and the internet (again, very common), it could be used to reach internal hosts, even if they use non-routed IP addresses. Hence, proper configuration of Squid is very important.

The simplest way to make sure this doesn't happen is to use Squid's own configuration to bind it only to the internal interface(s), so that the outside world cannot attempt to use it as a proxy to get at your internal LAN. In addition, firewalling it is a good idea. Fortunately, Squid has very good ACLs (Access Control Lists) built into the squid.conf file, allowing you to lock down access by names, IPs, networks, time of day, and actual day. Remember, however, that the more complicated an ACL is, the slower Squid will be to respond to requests.

Example where requests from will be forwarded with source address, forwarded with source address and the rest will be forwarded with source address

acl abc src
acl xyz

tcp_outgoing_address abc
tcp_outgoing_address xyz

This will prevent anyone from using Squid to probe your internal network.
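As an added example (not from the original post), the Python check below audits a squid.conf text for the misconfigurations described above: a listener on every interface, open client access, and no rule keeping the proxy away from internal destinations. The sample configs, addresses, ACL names and finding ids are constructed for illustration, and the "deny internal destinations" rule is an assumption about how the lock-down is expressed.

```python
import re

# Constructed sample configs; addresses and ACL names are placeholders.
WEAK = """
http_port 3128
http_access allow all
"""
HARDENED = """
# bind to the internal interface only
http_port 192.168.1.1:3128
acl lan src 192.168.1.0/24
acl internal_dst dst 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
http_access deny internal_dst
http_access allow lan
http_access deny all
"""

def audit(conf):
    """Return a sorted list of finding ids for one squid.conf text."""
    rows = [line.split("#", 1)[0].split() for line in conf.splitlines()]
    rows = [r for r in rows if r]
    findings = set()
    acl_type = {r[1]: r[2] for r in rows if r[0] == "acl" and len(r) > 2}
    for r in rows:
        # A bare port or a wildcard address listens on every interface.
        if r[0] == "http_port" and len(r) > 1 and re.fullmatch(
                r"(0\.0\.0\.0:|\[::\]:)?\d+", r[1]):
            findings.add("listens-on-all-interfaces")
    access = [r[1:] for r in rows if r[0] == "http_access" and len(r) > 2]
    if any(a == ["allow", "all"] for a in access):
        findings.add("allows-any-client")
    # Squid's implicit default is the opposite of the last rule, so end on deny all.
    if not access or access[-1] != ["deny", "all"]:
        findings.add("no-final-deny-all")
    # http_access is first-match, so a dst deny must precede the first allow.
    first_allow = next((i for i, a in enumerate(access) if a[0] == "allow"), len(access))
    if first_allow < len(access) and not any(
            a[0] == "deny" and any(acl_type.get(n) == "dst" for n in a[1:])
            for a in access[:first_allow]):
        findings.add("internal-destinations-not-denied")
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```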
