On Wed, 1 Nov 2000, Thomas Hettick wrote:
> Hi,
> I have an issue with a website that Squid is not allowing one of my users
> to go to. This is the website:
> http://www.avweb.com:81/common/msg/srchmsgs.cgi
>
> It doesn't seem to like the :81 part. Does anyone have an idea of what is
> going on? Here is the message I get when accessing the site:

10.14. Why does Squid deny some port numbers?

It is dangerous to allow Squid to connect to certain port numbers.
For example, it has been demonstrated that someone can use Squid as an
SMTP (email) relay. As I'm sure you know, SMTP relays are one of the
ways that spammers are able to flood our mailboxes. To prevent mail
relaying, Squid denies requests when the URL port number is 25. Other
ports should be blocked as well, as a precaution.

There are two ways to filter by port number: either allow specific
ports, or deny specific ports. By default, Squid does the first.
This is the ACL entry that comes in the default squid.conf:

    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    http_access deny !Safe_ports

The above configuration denies requests when the URL port number is
not in the list. The list allows connections to the standard ports
for HTTP, FTP, Gopher, SSL, WAIS, and all non-privileged ports.

Another approach is to deny dangerous ports. The dangerous port list
should look something like:

    acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119
    http_access deny Dangerous_ports

Please consult the /etc/services file on your system for a list of
known ports and protocols.

-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Nov 01 2000 - 14:21:06 MST
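
The following is an added example, not part of the original message and not Squid's own code: a simplified Python model of how the two port ACLs quoted above decide on the URL from the question. The function names, the single-ACL http_access handling, the "no-match" result, and the extra "acl Safe_ports port 81" line are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Scheme defaults used when the URL carries no explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70, "wais": 210}

# The allow-list from the message, the same list with a constructed local
# addition for port 81, and the deny-list alternative.
ALLOW_LIST = ("acl Safe_ports port 80 21 443 563 70 210 1025-65535\n"
              "http_access deny !Safe_ports\n")
ALLOW_LIST_81 = ("acl Safe_ports port 80 21 443 563 70 210 1025-65535\n"
                 "acl Safe_ports port 81  # constructed local addition\n"
                 "http_access deny !Safe_ports\n")
DENY_LIST = ("acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119\n"
             "http_access deny Dangerous_ports\n")

def parse_port_acls(conf):
    """Collect 'acl NAME port ...' lines into {name: [(low, high), ...]}."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "port":
            for spec in fields[3:]:
                low, _, high = spec.partition("-")
                acls.setdefault(fields[1], []).append((int(low), int(high or low)))
    return acls

def parse_rules(conf):
    """Collect single-ACL 'http_access ACTION [!]NAME' rules in file order."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2].startswith("!"), fields[2].lstrip("!")))
    return rules

def url_port(url):
    parts = urlsplit(url)
    return parts.port or DEFAULT_PORTS[parts.scheme]

def decide(conf, url):
    """Return the action of the first matching rule, or 'no-match'."""
    acls, port = parse_port_acls(conf), url_port(url)
    for action, negated, name in parse_rules(conf):
        hit = any(low <= port <= high for low, high in acls.get(name, []))
        if hit != negated:  # '!' inverts the ACL result
            return action
    return "no-match"  # simplified: later http_access rules would decide
```

Port 81 is below 1025 and not listed, so the allow-list denies it, while the deny-list lets it through because 81 is not named there.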