Start by reading the Squid FAQ. It has a whole chapter on "transparent"
proxying.
The security risk is no other than setting up a normal proxy. The
confusion on this subject is from the small detail that the same
squid.conf directives is used when you set up Squid as a accelerator
infront of your own servers and then one of the directives has security
implications as it effectively enables Squid to run as a proxy..
Without this directive a pure accelerator server does not need to care
much about access controls, but when you enable it the administrator
needs to care to set up proper http_access controls to control which
sites the accelerator may be used for.
As you are setting up a proxy (transparent or not) you must set up
http_access access controls to limit who may use the proxy. A slightly
different scenario from setting up a accelerator server.
Regards
Henrik
tis 2002-11-12 klockan 15.53 skrev Bennett F. Dill:
> I am interested in setting up my squid box as a transparent
> proxy/caching server... I have heard that this is possible, but im just
> not sure how to accomplish this. I have also heard that it can be a
> security risk.
>
> I am only interested in allowing the internal network 192.168.0.0/24 in
> being able to access the transparent proxy. I should note the the squid
> box _is_ running apache w/multiple websites. I'm not sure how that
> affects the possibility of running the transparent cache.
>
> If anyone can offer some example comfiguration I would be greatfull.
>
> Ben
Received on Tue Nov 12 2002 - 08:23:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:18 MST