RE: [squid-users] Safe Ports

From: Hermann Strassner <[email protected]>
Date: Thu, 4 Apr 2002 11:24:03 +0200

> but I want to know what happens with all these ports.
> Port 21 80 I know.
> Why are they blocked by default?

They are not blocked!
If you do not insert any http_access allow rule, these ports are denied like
anything else by the ACL "http_access deny all".

Nothing else.

Hermann

> Oops, now I see your point: Non Safe Ports are denied by default. What
> happens to Safe_Ports depends on your other ACLs. Nothing special
> is done to them.
> Here is the default config:
> #Defaults:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access deny all
>
> As documented, you have to insert your own rules. By default nobody is
> allowed http_access.
> You HAVE TO insert here who is allowed to go to the internet. Nobody is
> allowed by default.
>
>
> Your question is wrong. Here the safe_ports are allowed by default. I
> can't imagine that you have a different default than me.
>
> My squid.conf:
>
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
>
> http_access deny !Safe_ports
>
> Hermann
>
> > -----Original Message-----
> > From: Juergen Lucka [mailto:lucka@dw-westfalen.de]
> > Sent: Thursday, April 04, 2002 9:33 AM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Safe Ports
> >
> >
> > Why are Safe Ports denied by default in Squid?
> > Can someone explain this to me?
> > Greetings
> > Juergen Lucka
> > (EDV-Koordination)
> > Diakonisches Werk Westfalen
> > Tel.:0251,2709-731
> > Fax:0251,2709-55731
> > Mail: lucka@dw-westfalen.de
> >
> >
>
>
>
Received on Thu Apr 04 2002 - 02:24:07 MST