Re: [squid-users] more following quests

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 05 Apr 2002 02:30:51 +0200

Aman Raheja wrote:

> When you say these are the ports Squid will allow the clients to connect to.
> Why would an HTTP server want to allow connection to FTP port or any other
> well known port, listed in Safe_ports?
> Moreover what would happen if a web-site on the other end is not using port
> 80 or even any of the Safe_ports listed but some random port xxxx?

Your question seems to be on why the default Squid access controls
allow one to connect using HTTP to port 21 etc. This is simply for
simplicity. Having a full blown port access matrix for all the protocols
would be overly complex for the purpose.

The main point of this rule is to make sure the user cannot connect to
services not meant to be proxied, such as SMTP and many other protocols.
It is not seen as a big problem if the user can make the proxy connect
using the wrong protocol to a service the user is allowed to proxy to.

You are welcome to write your own stricter access rules if you feel this
is necessary.

Regards
Henrik Nordström
Squid Developer
Received on Thu Apr 04 2002 - 17:59:46 MST
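
Added example, not part of the original message and not taken from any shipped squid.conf: a sketch of the single Safe_ports rule discussed above next to a stricter per-scheme variant of the kind the reply invites. The port lists and the ACL names other than Safe_ports are assumptions chosen for illustration.

```conf
# --- Rule discussed in the thread -------------------------------------
# One port list shared by every URL scheme. A request such as
# http://host:21/ passes, because 21 is on the list even though the
# scheme is HTTP. Ports not on the list (25/SMTP, for example) are denied.
# Illustrative port list (assumption):
acl Safe_ports port 80 21 443 1025-65535
http_access deny !Safe_ports

# --- Stricter variant --------------------------------------------------
# Tie each URL scheme to its own port list. ACLs on one http_access line
# are ANDed, so each line reads "scheme is X and port is not in X's list".
acl proto_http proto HTTP
acl proto_ftp  proto FTP
acl http_ports port 80 8080 1025-65535   # illustrative (assumption)
acl ftp_ports  port 21                   # illustrative (assumption)

http_access deny proto_http !http_ports  # http://host:21/ is now refused
http_access deny proto_ftp  !ftp_ports   # ftp://host:80/ is now refused

# http_access rules are evaluated top to bottom and the first match wins,
# so these deny lines must appear before the site's own allow rules.
```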
