Andrew Daviel writes:
>
>Slightly off-topic perhaps; thought I'd query the collective wisdom...
>
>I maintain a page of cache advice (http://vancouver-webpages.com/CacheNow;
>slightly stale now and needs more HTTP/1.1 tips) which includes a link
>to IRC4ALL. IRC4ALL maintains a list of transparent and non-transparent
>proxies, many apparantly Squid on 3128. On this list is a certain company
>which doesn't wish to be on it, running an open proxy (didn't have
>ACL, does now I think).
>
>What do people think of the ethics of publishing apparantly public
>services on well-known ports? I thought it might be compared to
>a search engine testing port 80, but my correspondant thinks it's more
>like testing port 25 for mail relay. I think it's rude; he thinks it's
>abuse.
I think its fine if you list it initially, but if they ask to be
taken off the list, then it should be taken off.
>I seem to recall that NLANR has had ACLs for years, and if I understand
>things the ncsa-auth in Squid 2 would allow a roaming user to access the
>cache by password, which I think was their reason for not using ACL.
Yes, we've used IP-based access controls for a long time. We used to have
one cache (squid.nlanr.net) which didn't have any restrictions, but then
we got hit with a number of reports of abuse. So now we have ACL's there
too.
squid.nlanr.net is the only cache we allow end-users to use. All
others are supposed to be child caches. Supporting end-users with IP
ACL's is difficult, obvisouly, because of dynamic addresses, etc.
We'll probably start using password based authentication on
squid.nlanr.net soon.
Duane W.
Received on Thu Jan 14 1999 - 09:42:36 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:02 MST