atit jariwala wrote:
>
> Hello Squid Users and Developers,
> Squid has ACL For CONNECT Method
> it is
>
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> http_access deny CONNECT !SSL_ports
>
> Why squid has default behaviour to deny CONNECT requests on non-standard SSL Ports
> Some sites are implementing SSL on non-standard SSL Port
> So squid's this behaviour is creating problem in surfing such site.
True, the same applies for all sites using none standard http port(s).
> I am planning to allow CONNECT on non-standard SSL Port as well but before that i want to know the reasons for default DENY action.
Allowing it, will make squid a 'hacking door' for your
users, possibly using CONNECT
methods from hacking applications to for instance relay e-mail on
unprotected sites.
If you want to be 'Internet friendly' then only open this for
ports/sites
where you really need it.
M.
> Waiting for Reply
> ===== Atit Jariwala
-- 'Love is truth without any future. (M.E. 1997)Received on Wed Jun 25 2003 - 01:10:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:37 MST