Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Squid Hardening for DevSecOps

Table of contents

  1. Disable HTTP TRACE method
  2. Limit maximum object size
  3. Enable access logging
  4. Limit client connections
  5. Restrict allowed ports

List of some best practices to harden Squid for DevSecOps

Disable HTTP TRACE method

acl HTTP-methods method TRACE<br>http_access deny HTTP-methods

Limit maximum object size

maximum_object_size 1 MB

Enable access logging

access_log /var/log/squid/access.log

Limit client connections

acl clients src
http_access allow clients
http_max_clients 50

Restrict allowed ports

acl Safe_ports port 80 443 8080
http_access deny !Safe_ports