Thank you to all who have replied, all replies were extremely helpful. I am
now unable to ssh using this proxy, though I am still unable to use the
cachemgr.cgi.
Squid is by far one of the best tools I've had the pleasure of using and I
look forward to learning more.
.vp
Vadim
>From: Chris Robertson <crobertson@gci.net>
>
>>ons 2006-04-05 klockan 17:13 +0000 skrev Vadim Pushkin:
>>
>>
>>>Also, I am able to ssh out using my proxy, and I wish not to.
>>>
>>
>
>>
>>Your access controls allows CONNECT to unwanted ports...
>>
>>Note: The suggested default rules restricts CONNECT to only two well
>>known SSL ports for good reasons..
>>
>>Regards
>>Henrik
>>
>>
>Specifically, you've placed your http_access allow lines above the
>http_access deny lines. You might benefit from perusing the FAQ on access
>controls (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html).
>
>In short, if you move your network specific http_access lines below the
>line that reads...
>
>http_access deny CONNECT !SSL_Ports
>
>... but above the line that reads...
>
>http_access deny all
>
>...you should be allowing just the access that you want. Also, you might
>want to get rid of the http_reply_access lines that you added to the
>default config.
>
>Chris
Received on Thu Apr 06 2006 - 08:27:50 MDT
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT