[squid-users] Re: my squid box spoofed !!

From: Joost de Heer <sanguis@dont-contact.us>
Date: Mon, 16 May 2005 16:25:55 +0200 (CEST)

> 1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT
> 205.188.156.185:25 - DIRECT/205.188.156.185 -

Next to the solutions offered, make an ACL that allows CONNECT attempts
only to 'trusted ports', i.e. https(443) and possibly snews (563):

acl CONNECT method CONNECT
acl Safe_CONNECT_Ports 443 563
http_access deny CONNECT !Safe_CONNECT_Ports

Joost
Received on Mon May 16 2005 - 08:25:56 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:03 MDT