[squid-users] [RFC] Changes to http_access defaults
Amos Jeffries
squid3 at treenet.co.nz
Sat Apr 15 22:04:33 UTC 2017
On 15/04/2017 3:22 a.m., Matus UHLAR - fantomas wrote:
> On 13.04.17 06:16, Amos Jeffries wrote:
>> What are people's opinions about making the following items built-in
>> defaults?
>>
>> acl Safe_ports port 21 80 443
>> acl CONNECT_ports port 443
>> acl CONNECT method CONNECT
>
> shouldn't that be more like the following?
>
> acl Safe_ports port 80
> acl CONNECT_ports port 21 443
>
>> http_access deny !Safe_ports
>> http_access deny CONNECT !CONNECT_ports
>
>
No. The !Safe_ports would deny port 21 and 443 usage.
SSL_ports/CONNECT_ports is a sub-set of safe ports where CONNECT is also
potentially permitted.
Amos
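
Added example, not part of the original message and not Squid code: a small model of the two deny rules quoted above, evaluated in order with first match winning, run against both sets of ACL definitions from the thread. The names `PROPOSED`, `SUGGESTED`, `evaluate` and `compare` are hypothetical, and the sample requests are constructed.

```python
# Models only the two http_access deny rules quoted in this thread.
# "pass" means neither rule matched and the request falls through to
# whatever http_access rules come later in the configuration.

# ACL definitions from the original proposal
PROPOSED = {"Safe_ports": {21, 80, 443}, "CONNECT_ports": {443}}
# ACL definitions from the reply that swapped the port lists
SUGGESTED = {"Safe_ports": {80}, "CONNECT_ports": {21, 443}}


def evaluate(acls, method, port):
    """Return the first deny rule that matches, or 'pass' if none does."""
    # http_access deny !Safe_ports
    if port not in acls["Safe_ports"]:
        return "deny !Safe_ports"
    # http_access deny CONNECT !CONNECT_ports
    if method == "CONNECT" and port not in acls["CONNECT_ports"]:
        return "deny CONNECT !CONNECT_ports"
    return "pass"


# Constructed sample requests: (method, destination port)
SAMPLES = [
    ("GET", 80),       # plain HTTP
    ("GET", 21),       # ftp:// URL fetched through the proxy
    ("CONNECT", 443),  # HTTPS tunnel
    ("CONNECT", 80),   # tunnel to a non-TLS port
    ("GET", 8080),     # port in neither list
]


def compare():
    """Evaluate every sample under both ACL sets."""
    return [
        (m, p, evaluate(PROPOSED, m, p), evaluate(SUGGESTED, m, p))
        for m, p in SAMPLES
    ]


if __name__ == "__main__":
    print(f"{'request':<14}{'proposed':<30}suggested")
    for method, port, a, b in compare():
        print(f"{method + ' ' + str(port):<14}{a:<30}{b}")
```

With the swapped lists, FTP on port 21 and CONNECT to 443 are both rejected by the first rule before `CONNECT_ports` is ever consulted.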