Re: [squid-users] Squid Proxy Hijacked By Hackers in China

From: <badaboom003-asdf_at_yahoo.com>
Date: Tue, 27 May 2008 14:44:40 -0700 (PDT)

Hi,

I upgraded to 3.0. The access log got blown away when I upgraded... Is the following configuration correct for 3.0? Am I missing anything necessary for security?

http_port XXX.XXX.XXX.XXX:80 defaultsite=www.mysite.com vhost
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=myAccel login=PASS
acl our_sites dstdomain www.mysite.com
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
visible_hostname www.mysite.com
url_rewrite_host_header off
access_log /var/log/squid/access.log squid
coredump_dir /var/spool/squid

--- On Tue, 5/27/08, Henrik Nordstrom <henrik_at_henriknordstrom.net> wrote:

> From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
> Subject: Re: [squid-users] Squid Proxy Hijacked By Hackers in China
> To: badaboom003-asdf_at_yahoo.com
> Cc: squid-users_at_squid-cache.org
> Date: Tuesday, May 27, 2008, 2:22 PM
> On Tue 2008-05-27 at 10:59 -0700, badaboom003-asdf_at_yahoo.com wrote:
> > Thanks very much! So, would my configuration file look like this
> > (btw, I'm using Squid2.6.STABLE1, is that a problem?):
>
> You should upgrade. Possibly you would not have had this issue if you
> had upgraded... but it's still unclear to me why you had this issue.
> Accelerator mode http_port requires requests to go via a cache_peer
> (implicit never_direct on accelerated requests).
>
> What did access.log say for such hijacked requests?
>
> > never_direct allow mydomains
> > http_access allow mydomains
> > http_access deny all
>
> Looks good.
>
> Regards
> Henrik
Received on Tue May 27 2008 - 21:44:52 MDT
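
Added example, not part of the original thread or of the Squid project: one way to answer the question of what access.log shows for hijacked requests is to flag entries in Squid's native log format that name a host outside our_sites, use CONNECT, or were fetched DIRECT rather than through the cache_peer. The log lines are constructed samples, and OUR_SITES, classify and scan are names assumed for this sketch.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this accelerator should serve (the post's our_sites ACL).
OUR_SITES = {"www.mysite.com"}

# Native access.log fields: time elapsed client code/status bytes method URL ident hier/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<code>\w+)/(?P<status>\d{3})\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# Constructed sample lines (documentation addresses and example domains, not real traffic).
SAMPLE = """\
1211924680.101     12 198.51.100.23 TCP_MISS/200 5120 GET http://www.mysite.com/index.html - FIRST_UP_PARENT/127.0.0.1 text/html
1211924681.250    340 203.0.113.9 TCP_MISS/200 18211 GET http://other.example.net/page - DIRECT/192.0.2.80 text/html
1211924682.007      1 203.0.113.9 TCP_DENIED/403 1412 CONNECT mail.example.org:25 - NONE/- text/html
"""

def classify(line):
    """Return (verdict, reasons); verdict is ok, blocked, relayed or unparsed."""
    m = LINE.match(line.strip())
    if m is None:
        return ("unparsed", [])
    if m["method"] == "CONNECT":
        host = m["url"].rsplit(":", 1)[0]          # CONNECT logs host:port, not a URL
        reasons = ["CONNECT tunnel to " + host]
    else:
        host = urlsplit(m["url"]).hostname or ""
        reasons = []
    if host.lower() not in OUR_SITES:
        reasons.append("host not in our_sites: " + host)
    if m["hier"].endswith("DIRECT"):               # accelerated requests should use the peer
        reasons.append("fetched DIRECT instead of via cache_peer")
    if not reasons:
        return ("ok", reasons)
    # A *_DENIED result code means http_access refused it; anything else was served.
    return ("blocked" if m["code"].endswith("DENIED") else "relayed", reasons)

def scan(log_text):
    """Classify every non-empty line of an access.log excerpt."""
    return [classify(l) for l in log_text.splitlines() if l.strip()]

if __name__ == "__main__":
    for verdict, reasons in scan(SAMPLE):
        print(verdict, "; ".join(reasons))
```

Any "relayed" verdict means the proxy served a request it should not have, and the client address on that line is where to start looking.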

This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:05:14 MDT