RE: [squid-users] Safe Ports

From: Hermann Strassner <[email protected]>
Date: Thu, 4 Apr 2002 10:25:00 +0200

Ups, now i see your point: Non Safe Ports are denied by default. What
happens to Safe_Ports depends on your other ACLs. Nothing special is done to
them.
Here is the default config:
#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access deny all

As documented, you have to insert your own rules. By defrault nobody is
allowed http_access.
You HAVE TO insert here who is allowed to go to the internet. Nobody is
allowed by default.

Your Question is wrong. Here there are safe_ports allowed by default. I
can't imagine that you have an other default than me.

My squid.conf:

acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

http_access deny !Safe_ports

Hermann

> -----Original Message-----
> From: Juergen Lucka [mailto:lucka@dw-westfalen.de]
> Sent: Thursday, April 04, 2002 9:33 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Safe Ports
>
>
> why are Safe Ports denied by default in Squid ??
> Can someone explain me this ??
> greetings
> Juergen Lucka
> (EDV-Koordination)
> Diakonisches Werk Westfalen
> Tel.:0251,2709-731
> Fax:0251,2709-55731
> Mail: lucka@dw-westfalen.de
>
>
Received on Thu Apr 04 2002 - 01:25:04 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:21 MST