[squid-users] Help with UA filtering in https connections
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Jan 2 14:08:15 UTC 2018
On 02.01.18 06:04, squidnoob wrote:
>In my existing config, i have:
>
># delay filtering decisions until we get to bumped requests
>http_access allow CONNECT safe_ports
>http_access deny CONNECT
>
>
>I understand adding this line that you suggested as it's not already there.
>http_access deny !safe_ports
>
>However, i don't understand why i would need to add this (http_access deny
>CONNECT !SSL_Ports ) given the two lines above in the existing config. I'm
>probably just misunderstanding how this works.
the two lines above unconditionally allow CONNECT anywhere, you can't deny
it further because no further checking is done.
when using:
http_access deny CONNECT !SSL_ports
you deny CONNECT request to non-SSL ports and can deny them further.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
More information about the squid-users
mailing list