Re: deny !Safe_ports, any critical reasons? (abuse..)

From: Jason Haar <Jason.Haar@dont-contact.us>
Date: Fri, 8 Jan 1999 08:47:00 +1300

On Thu, Jan 07, 1999 at 10:51:52PM +1300, Chris Wedgwood wrote:
>
> Why -- I only allow people to use connect with 443 and 563 -- I see
> no reason for them to use a squid proxy a connection on any other
> port.

That's your call - I've found that users here access sites running on all
sorts of ports - for valid business sites. Don't ask me why these people run
web servers on wierd port numbers, I'm not running their sites :-)

Deny all port numbers but those you "trust" is bogus anyway. If I wanted to
tunnel into/out of a network, I'd ensure I ran my tunnel on port 80/443
anyway - try stopping that...

CONNECT is hell... (strange that the "secure" portion of HTTP has become one
of the most dangerous...)

-- 
Cheers
Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
Received on Thu Jan 07 1999 - 13:04:34 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:55 MST