From: hno <>
Date: Sat, 23 Feb 2002 08:36:31 +0000 (+0000)
Subject: Added some notes to hopefully make it easier for people to make a
X-Git-Tag: SQUID_3_0_PRE1~1175
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9d7fe3e4f23c2c39e8c99672af74bdd7da59f9d;p=thirdparty%2Fsquid.git

Added some notes to hopefully make it easier for people to make a
reasonably secure Squid setup.
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 6a3eb10186..5a7c27cd9d 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.248 2002/01/16 02:55:40 hno Exp $
+# $Id: cf.data.pre,v 1.249 2002/02/23 01:36:31 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -82,6 +82,11 @@ DOC_START
 	address, however.
 
 	You may specify multiple socket addresses on multiple lines.
+
+	If you run Squid on a dual-homed machine with a internal
+	and an external interface then we recommend you to specify the
+	internal address:port in http_port. This way Squid will only be
+	visible on the internal address.
 DOC_END
 
 NAME: https_port
@@ -1996,6 +2001,12 @@ http_access deny CONNECT !SSL_ports
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 
+# Exampe rule allowing access from your local networks. Adapt
+# to list your (internal) IP networks from where browsing should
+# be allowed
+#acl our_networks src 192.168.1.0/24 192.168.2.0/24
+#http_access allow our_networks
+
 # And finally deny all other access to this proxy
 http_access deny all
 NOCOMMENT_END