[squid-users] acl Safe_ports

From: GBloomberg <fin.ack@dont-contact.us>
Date: Tue, 20 Jul 2004 21:24:20 -0700

Hello,

I have a 2 interface Linux router/firewall. Eth0 public, Eth1 private
lan. Squid is installed and running/listening on Eth1 via tcp 3128. I
have a firewall REDIRECT rule that redirects all outgoing
"private_lan" port 80 traffic to tcp 3128. This works great.

After reading through the ACL FAQs I'm still confused as to **why**
there is a need for the "Safe_ports" acl elements declared by default
in "squid.conf"?
I was under the assumption that **by default** Squid proxies port 80
traffic and that's it unless otherwise specified? My firewall only
allows the following out to the internet anyways.
udp 53
tcp 20,21,22,25,80,110,443

So I'm assuming there's a good reason to have these defaults but I
don't see why when clients will only be redirected to Squid through
port 80. They go around Squid for all other ports. I could make a few
logical guesses as to why this is set the way it is but I wanna be sure
that I'm not missing something else fundamental.

[code]
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
[/code]

Thanks
Received on Tue Jul 20 2004 - 22:24:25 MDT
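
The following is an added example, not part of the original post or of Squid's code. It parses the `acl ... port` lines quoted in the message and evaluates constructed sample URLs against `Safe_ports`, on the assumption that Squid's `port` ACL type matches the destination port named in the requested URL (not the port Squid listens on) and that the stock configuration applies it with `http_access deny !Safe_ports`.

```python
from urllib.parse import urlsplit

# squid.conf lines copied from the post above
CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
"""

# Port implied by the URL scheme when the URL carries no explicit port
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70, "wais": 210}

def parse_port_acls(conf):
    """Return {acl_name: [(low, high), ...]} for every 'acl NAME port ...' line."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "port":
            continue
        for token in fields[3:]:
            low, _, high = token.partition("-")  # "1025-65535" or a single port
            acls.setdefault(fields[1], []).append((int(low), int(high or low)))
    return acls

def url_port(url):
    """Destination port of the request: explicit port, else the scheme default."""
    parts = urlsplit(url)
    return parts.port or DEFAULT_PORTS[parts.scheme]

def is_safe(url, acls):
    """True when the URL's destination port falls inside a Safe_ports range."""
    port = url_port(url)
    return any(low <= port <= high for low, high in acls.get("Safe_ports", []))

if __name__ == "__main__":
    acls = parse_port_acls(CONF)
    # Constructed sample URLs; every one reaches Squid on tcp 3128
    for url in ("http://www.example.com/", "http://www.example.com:8080/",
                "http://mail.example.com:25/", "http://host.example.com:22/"):
        print(url, "allow" if is_safe(url, acls) else "deny (!Safe_ports)")
```

Every sample request arrives at Squid on the same listening port, yet the last two are refused because the URL names port 25 or 22 as the destination.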
