Re: [Skunkworks] help: squid+dansgaurdian setup compromised.

21 Aug 2009

      i will check. but my understanding was that there is a link btw squid and dansgaurdian and indeed only localhost 127.0.0.1 is configured to run squid -the other IPs being denied since they get access via dansguardian. so am a bit suprised to see foreign IPs.

walu.

--- On Fri, 8/21/09, Alex Nderitu <nderitualex@gmail.com> wrote:
...
From: Alex Nderitu <nderitualex@gmail.com>
Subject: Re: [Skunkworks] help: squid+dansgaurdian setup compromised.
To: "Skunkworks forum" <skunkworks@lists.my.co.ke>
Date: Friday, August 21, 2009, 10:56 AM
Walu,
The first thing you need to look at it ACL on squid. It
should ideally have been the next step after installation.
<sample>
acl localnet src x.x.x.x/x     
#x.x.x.x is your network
http_access allow localnet
http_access deny all
</sampe>
This is a very flexible list. Work on customizing it for
your need.
-----Original Message-----
From: Walubengo J <jwalu@yahoo.com>
Reply-to: Skunkworks forum
<skunkworks@lists.my.co.ke>
To: skunk <skunkworks@my.co.ke>
Subject: [Skunkworks] help: squid+dansgaurdian setup
compromised.
Date: Thu, 20 Aug 2009 23:32:13 -0700 (PDT)
hey,
I have a basic traditional  NAT setup of squid+dansguardian
on Linux Ubuntu 8.10. Squid as the proxy and dansguardian as
the content manager. My network has suddenly started
crawling and /var/log/dansguardian/access.log shows foreign
IPs riding on my bandwidth and visiting graphic porn sites
with impunity.
Could someone give pointers on where I need to tighten the
configs to keep off the external bad boys and girls (IPs)
from the riding my proxy server?
walu.
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-----Inline Attachment Follows-----
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general