25. Security Concerns

25.1 Open-access proxies

Squid's default configuration file denies all client requests. It is the administrator's responsibility to configure Squid to allow access only to trusted hosts and/or users.

If your proxy allows access from untrusted hosts or users, you can be sure that people will find and abuse your service. Some people will use your proxy to make their browsing anonymous. Others will intentionally use your proxy for transactions that may be illegal (such as credit card fraud). A number of web sites exist simply to provide the world with a list of open-access HTTP proxies. You don't want to end up on this list.

Be sure to carefully design your access control scheme. You should also check it from time to time to make sure that it works as you expect.

25.2 Mail relaying

SMTP and HTTP are rather similar in design. This, unfortunately, may allow someone to relay an email message through your HTTP proxy. To prevent this, you must make sure that your proxy denies HTTP requests to port 25, the SMTP port.

Squid is configured this way by default. The default squid.conf file lists a small number of trusted ports. See the Safe_ports ACL in squid.conf. Your configuration file should always deny unsafe ports early in the http_access lists:

http_access deny !Safe_ports
(additional http_access lines ...)

Do NOT add port 25 to Safe_ports (unless your goal is to end up in the RBL). You may want to make a cron job that regularly verifies that your proxy blocks access to port 25.
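
One way to write the cron check suggested above, which also serves as the periodic access-control check from section 25.1. This is an added example, not part of the Squid FAQ. It assumes curl is installed; SQUID_PROXY, SMTP_TARGET and the function names are hypothetical.

```shell
#!/bin/sh
# Cron check: confirm the proxy refuses requests to port 25 (SMTP).
# Assumptions (not from the FAQ): curl is installed; SQUID_PROXY and
# SMTP_TARGET are hypothetical environment variables set in the crontab.

# Map the HTTP status the proxy returned to a verdict.
#   403 -> the proxy denied the request (what "deny !Safe_ports" produces)
#   407 -> proxy wants credentials first; the port ACL was not exercised
#   000 -> curl got no HTTP reply at all (proxy down, timeout)
#   anything else -> the proxy did not refuse the port 25 request
classify_status() {
    case "$1" in
        403) echo "blocked" ;;
        407|000|"") echo "inconclusive" ;;
        *)   echo "OPEN" ;;
    esac
}

# Ask the proxy for http://<target>:25/ and print only the status code.
probe_port25() {
    proxy=$1
    target=$2
    curl -s -o /dev/null -w '%{http_code}' --max-time 15 \
         -x "$proxy" "http://${target}:25/" || true
}

# Run one check; exit status 0 = blocked, 1 = open, 2 = inconclusive.
check_relay() {
    status=$(probe_port25 "$1" "$2")
    verdict=$(classify_status "$status")
    case "$verdict" in
        blocked) return 0 ;;
        OPEN)    echo "ALERT: proxy $1 did not deny $2:25 (HTTP $status)" >&2
                 return 1 ;;
        *)       echo "WARN: no verdict from $1 (HTTP $status)" >&2
                 return 2 ;;
    esac
}

# Only probe when the crontab supplies both variables, e.g.
#   SQUID_PROXY=http://127.0.0.1:3128 SMTP_TARGET=mail.example.com
if [ -n "${SQUID_PROXY:-}" ] && [ -n "${SMTP_TARGET:-}" ]; then
    check_relay "$SQUID_PROXY" "$SMTP_TARGET"
fi
```

Cron mails any output to the job's owner, so a silent run means the proxy answered the port 25 request with 403.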

$Id: FAQ.sgml,v 1.251 2005/06/16 00:44:45 hno Exp $


Linux-faqs.com Copyright, All rights reserved www.linux-faqs.com. Peeyush Maurya.