Re: [squid-users] Config seems to allow CONNECT to privileged ports

From: Henrik Nordstrom <[email protected]>
Date: 22 May 2003 11:40:59 +0200

tor 2003-05-22 klockan 10.38 skrev Ralf Hildebrandt:
> Our config (below) seems to allow access to privileged ports. Proof:

You are missing the rules to deny access to unprivileged ports. You have
all the needed acls defined to build these rules, but are missing the
actual http_access rules using these acls to deny access..

To get a better understanding of your access controls just look at the
http_access rules

  grep ^http_access squid.conf

Squid reads these in the order listed, and the first line matching the
request (where all listed acl elements on the line is true) will
allow/deny the request.

Any acls used by your http_access rules must be defined before where
they are used. An an acl alone does not have any effect. acl directives
are building blocks used by http_access and other acl driven to build
rules on how Squid should act.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [email protected]
Received on Thu May 22 2003 - 03:41:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:51 MST