<rdf:RDF
    xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'
    xmlns:s='http://snipsnap.org/rdf/snip-schema#'
    xml:base='http://bliki.rimuhosting.com/rdf'>
    <s:Snip rdf:about='http://bliki.rimuhosting.com/rdf#knowledgebase/linux/webserver/proxy+servers:+squid'
         s:cUser='retep'
         s:oUser=''
         s:mUser='retep'>
        <s:name>knowledgebase/linux/webserver/proxy servers: squid</s:name>
        <s:content>1 What is Squid&#xD;&#xA;&#xD;&#xA;Squid is a &apos;proxy&apos; (middle man) for web requests.  You can setup your browser so it uses a proxy for its connection.  Web requests (e.g. to http://slashdot.org) then go to the proxy (not directly to the website in the URL).  The proxy handles the request (forwarding the request to slashdot in this case, then responding to the user with the reply).&#xD;&#xA;&#xD;&#xA;1 Why use Squid&#xD;&#xA;&#xD;&#xA;You may be behind a firewall (typically at an office) where only one designated server is permitted &apos;outside&apos; access.&#xD;&#xA;&#xD;&#xA;Proxies can be used to monitor what you request.  So some places use it for monitoring web site access.&#xD;&#xA;&#xD;&#xA;Some countries censor net access.  You can bypass that using a proxy.&#xD;&#xA;&#xD;&#xA;1 How To Get a Massive Bandwidth Bill: Open Proxies&#xD;&#xA;&#xD;&#xA;If your proxy server is publically accessible and has no authentication restrictions then anyone can use it to access web pages.  It is an open proxy server.&#xD;&#xA;&#xD;&#xA;Typically the people that discover and use these proxies are up to no good (often relating to fraud or accessing material they shouldn&apos;t be).&#xD;&#xA;&#xD;&#xA;For example, one of our customers setup a Proxy server and it was left open.  4 days later we discovered over 600 connected users and 195GB of data transfer usage.&#xD;&#xA;&#xD;&#xA;&#xD;&#xA;1 How to Close an Open Proxy&#xD;&#xA;One way to close an open proxy is to prevent it listening on a public IP.  Then accessing the proxy via a secure SSH tunnel.  This has the added benefit of securing any traffic between you and the proxy server.&#xD;&#xA;&#xD;&#xA;To implement this option put the following line in /etc/squid/squid.conf:&#xD;&#xA;{code:none}http_port 127.0.0.1:3128{code}&#xD;&#xA;&#xD;&#xA;Restart squid: {code:none}/etc/init.d/squid restart{code}&#xD;&#xA;&#xD;&#xA;Then before you access your proxy server setup an SSH tunnel.  e.g.:&#xD;&#xA;{code:none}ssh -L 3128:127.0.0.1:3128 servername{code}&#xD;&#xA;&#xD;&#xA;Be sure to use the localhost IP (127.0.0.1) in the tunnel part.&#xD;&#xA;&#xD;&#xA;Then set you proxy server (e.g. in your browser) to localhost.  And use the 3128  port.&#xD;&#xA;&#xD;&#xA;Test you can no longer use your proxy servers public IP in the proxy setting of your browser.</s:content>
        <s:mTime>2005-08-28 21:50:58.0</s:mTime>
        <s:cTime>2005-08-28 21:50:43.0</s:cTime>
        <s:comments
             rdf:type='http://www.w3.org/1999/02/22-rdf-syntax-ns#Bag'/>
        <s:snipLinks>
            <rdf:Bag>
                <rdf:li rdf:resource='#snipsnap-search'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/linux'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/linux/webserver'/>
                <rdf:li rdf:resource='#knowledgebase'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/linux/webserver/'/>
                <rdf:li rdf:resource='#snipsnap-index'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/linux/webserver/apache/installing and using mod_fastcgi'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/linux/'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/linux/miscapplications/ruby on rails'/>
                <rdf:li rdf:resource='http://bliki.rimuhosting.com/rdf#knowledgebase/linux/mail/postfix notes'/>
            </rdf:Bag>
        </s:snipLinks>
        <s:attachments
             rdf:type='http://www.w3.org/1999/02/22-rdf-syntax-ns#Bag'/>
    </s:Snip>
</rdf:RDF>