From b9d7fe3e4f23c2c39e8c99672af74bdd7da59f9d Mon Sep 17 00:00:00 2001
From: hno <>
Date: Sat, 23 Feb 2002 08:36:31 +0000
Subject: [PATCH] Added some notes to hopefully make it easier for people to
 make a reasonably secure Squid setup.

---
 src/cf.data.pre | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 6a3eb10186..5a7c27cd9d 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.248 2002/01/16 02:55:40 hno Exp $
+# $Id: cf.data.pre,v 1.249 2002/02/23 01:36:31 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -82,6 +82,11 @@ DOC_START
 	address, however.
 
 	You may specify multiple socket addresses on multiple lines.
+
+	If you run Squid on a dual-homed machine with a internal
+	and an external interface then we recommend you to specify the
+	internal address:port in http_port. This way Squid will only be
+	visible on the internal address.
 DOC_END
 
 NAME: https_port
@@ -1996,6 +2001,12 @@ http_access deny CONNECT !SSL_ports
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 
+# Exampe rule allowing access from your local networks. Adapt
+# to list your (internal) IP networks from where browsing should
+# be allowed
+#acl our_networks src 192.168.1.0/24 192.168.2.0/24
+#http_access allow our_networks
+
 # And finally deny all other access to this proxy
 http_access deny all
 NOCOMMENT_END
-- 
2.47.2