squid-deb-proxy does not allow downloading from arbitrary mirrors of packages
Bug #804267 reported by
Clint Byrum
This bug report is a duplicate of:
Bug #545830: 403 error when using a non-cached repository.
Edit
Remove
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
squid-deb-proxy (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
If I install squid-deb-
Changed in squid-deb-proxy (Ubuntu): | |
status: | New → Confirmed |
To post a comment you must log in.
That would allow other machines in your network to use your proxy to access all sites. You can edit /etc/squid- deb-proxy/ mirror- dstdomain. acl and add the hostnames of your private repositories to it.
If you really want to allow access to resources based on the path, comment the following line in /etc/squid- deb-proxy/ squid-deb- proxy.conf by adding a hash sign (#) before it:
http_access deny !to_ubuntu_mirrors
Next, add two line after `http_access allow localhost`:
acl Safe_path urlpath_regex (\.deb| Release( \.gpg)? \|(Sources| Packages) \.(bz2| gz)|Contents- (amd64| i386)\. gz)$
http_access deny !Safe_path
The above regex is incomplete, a lot files are still not included but it should be sufficient for regular apt-get update and apt-get installs (not apt-get source).
Related documentation: http:// www.squid- cache.org/ Versions/ v2/2.7/ cfgman/ acl.html