diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre --- squid-3.0.STABLE15.orig/src/cf.data.pre 2009-05-06 13:11:41.000000000 +0200 +++ squid-3.0.STABLE15/src/cf.data.pre 2009-05-18 17:13:37.000000000 +0200 @@ -123,7 +123,7 @@ If you want to use the traditional NCSA proxy authentication, set this line to something like - auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth @DEFAULT_PREFIX@/etc/passwd + auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth /etc/passwd "children" numberofchildren The number of authenticator processes to spawn. If you start too few @@ -185,7 +185,7 @@ If you want to use a digest authenticator, set this line to something like - auth_param digest program @DEFAULT_PREFIX@/bin/digest_pw_auth @DEFAULT_PREFIX@/etc/digpass + auth_param digest program @DEFAULT_PREFIX@/bin/digest_pw_auth /etc/digpass "children" numberofchildren The number of authenticator processes to spawn (no default). @@ -630,6 +630,9 @@ NOCOMMENT_START #Recommended minimum configuration: +acl password proxy_auth REQUIRED +acl all src 0.0.0.0/0.0.0.0 +acl lan src 127.0.0.1/255.255.255.255 # acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 @@ -685,6 +688,8 @@ # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager +http_access deny !lan !localhost +http_access allow password # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports