squid/squid-3.0.STABLE15-default_config.patch

41 lines
1.6 KiB
Diff

diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre
--- squid-3.0.STABLE15.orig/src/cf.data.pre 2009-05-06 13:11:41.000000000 +0200
+++ squid-3.0.STABLE15/src/cf.data.pre 2009-05-18 17:13:37.000000000 +0200
@@ -123,7 +123,7 @@
If you want to use the traditional NCSA proxy authentication, set
this line to something like
- auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth @DEFAULT_PREFIX@/etc/passwd
+ auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth /etc/passwd
"children" numberofchildren
The number of authenticator processes to spawn. If you start too few
@@ -185,7 +185,7 @@
If you want to use a digest authenticator, set this line to
something like
- auth_param digest program @DEFAULT_PREFIX@/bin/digest_pw_auth @DEFAULT_PREFIX@/etc/digpass
+ auth_param digest program @DEFAULT_PREFIX@/bin/digest_pw_auth /etc/digpass
"children" numberofchildren
The number of authenticator processes to spawn (no default).
@@ -630,6 +630,9 @@
NOCOMMENT_START
#Recommended minimum configuration:
+acl password proxy_auth REQUIRED
+acl all src 0.0.0.0/0.0.0.0
+acl lan src 127.0.0.1/255.255.255.255 # <insert the local network here>
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
@@ -685,6 +688,8 @@
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
+http_access deny !lan !localhost
+http_access allow password
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports