Re: [squid-users] opening a port for a spesific destination

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 01 Mar 2011 23:20:56 +1300

On 01/03/11 23:05, a bv wrote:
> thanks ,
>
> i already do some configuration on it but sometimes i get my mind
> mixed so i wanna go on my question again.
>
> First : Do i have to define my port as Safe port?

The default Safe_ports ACL already has ports 1025-65535 which includes
8888. If you have removed that then you will need to add the port back in.

> Second : �f i do the first one do all the clients will access anywhere
> with that port?

Yes. Normally all clients can access websites regardless of whether they
are served by Java, SOAP or AJAX services with alternative ports.

> Third. If so how must my acl would be?
>
> acl myweirdport port 8888
> http_access allow myweirdport x.y.z.t
> x.y.z.t is the destination ip which i like the clients access with that port?

You need a ACL to define each test. One for the IP, one for the port.

To limit the port access to only that IP...
  Adding the port to Safe_ports will make it generally not rejected,
  Then you must add a *deny* access rule and use ! (meaning "not")
before the IP ACL to reject other IPs going there.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Tue Mar 01 2011 - 10:21:13 MST

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 12:00:06 MST