LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   SQUID strange security issue (https://www.linuxquestions.org/questions/linux-software-2/squid-strange-security-issue-319592/)

ivanatora 05-03-2005 12:37 AM
SQUID strange security issue
 
We have s small network, the internet connection is provided by a gateway, which SNATs every of the inside PCs (everyone by its IP, not the entire subnet). So If a new PC comes with another IP it shouldn't have internet access. On that gateway we have squid-cache running. I tried to change my IP to another one, which isn't SNATed and can't open web pages. BUT! If I configure as proxy for the browser the squid server, the squid fetches me web pages! I'm not sure what makes squid acting like this, and if it is normaly behavior.. In it's acl's is defined our network as 'http_access allow" and everything other is denied. I don't want squid fetching web pages for PCs that doesn't have to have internet access... Do I have to list all of my PCs in squid's acls, or the salvation is much simplier?

Matir 05-03-2005 06:32 PM
Well, I don't think that's so much a security issue with squid as a network-level issue. You could look into a proxy that forces authentication or some such. How do you want to determine who gets through?

ivanatora 05-06-2005 12:55 PM
Authentication based on the host's IP should be simple enough. I tried to restrict a range of acceptable IPs but can't make the acl... I made that thread trying to set that range.
But I'm sure there could be easier way...


All times are GMT -5. The time now is 11:39 PM.