Re: [squid-users] Squid CONNECT ACL Problem

From: Marc Elsen <marc.elsen@dont-contact.us>
Date: Wed, 25 Jun 2003 09:10:22 +0200

atit jariwala wrote:
>
> Hello Squid Users and Developers,
> Squid has an ACL for the CONNECT method.
> It is:
>
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> http_access deny CONNECT !SSL_ports
>
> Why does Squid have the default behaviour of denying CONNECT requests on non-standard SSL ports?
> Some sites implement SSL on a non-standard SSL port,
> so this behaviour of Squid creates a problem when surfing such sites.

  True, the same applies to all sites using non-standard HTTP port(s).

> I am planning to allow CONNECT on non-standard SSL ports as well, but before that I want to know the reasons for the default DENY action.

 Allowing it will make Squid a 'hacking door' for your
 users, possibly using CONNECT methods from hacking
 applications to, for instance, relay e-mail on
 unprotected sites.

 If you want to be 'Internet friendly' then only open this for
 ports/sites where you really need it.

 M.

 
> Waiting for Reply
> ===== Atit Jariwala

-- 
 'Love is truth without any future.
 (M.E. 1997)
Received on Wed Jun 25 2003 - 01:10:32 MDT
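
The advice above (open CONNECT only for the ports/sites that need it), written out as a squid.conf fragment. This is an added example, not part of the original message; port 8443, the host secure.example.com and the ACL names partner_port and partner_site are assumptions chosen for illustration.

```conf
# Stock rules quoted in the thread.
acl SSL_ports port 443 563
acl CONNECT method CONNECT

# Hypothetical exception: one partner site that serves SSL on port 8443.
acl partner_port port 8443
acl partner_site dstdomain secure.example.com

# Too broad: adding 8443 to SSL_ports (or dropping the deny rule) would let
# clients tunnel to that port on any host on the Internet.
#   acl SSL_ports port 443 563 8443

# Narrow: http_access rules are checked in order and the first match wins;
# ACLs listed on one line are ANDed together.
# 1. CONNECT to 8443 is refused unless the destination is the partner site.
http_access deny CONNECT partner_port !partner_site
# 2. CONNECT to any port outside SSL_ports and the exception port is refused.
http_access deny CONNECT !SSL_ports !partner_port

# The usual client allow rules and the final "http_access deny all" follow.
```

Both deny lines only refuse requests, so a permitted CONNECT still has to pass whatever client allow rules come later in the file.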
