Re: proposal to remove port 563 from default ACLs

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 03 Oct 2006 00:35:07 +0200

fre 2006-09-29 klockan 16:07 -0600 skrev Duane Wessels:
> Our default ACL configuration allows CONNECT requests to port 563,
> which is for NNTP over SSL. Assuming that nobody really uses NNTP
> over SSL, especially through an HTTP proxy, I suggest that we
> remove it from the defaults.

I have actually used it in in real life. Was a some vendor support forum
NNTP server requiring authentication and encryption to protect the
passwords. But I have no problem with removing the port from the
suggested default configuration as it's not at all common and easy to
add back if needed. Most have switched to using web forums anyway.. This
vendor actually provided both nntps and https access methods to the same
forums. Unfortunately I don't remember the vendor, but it was one of the
large commercial software vendors with active user communities.

Regards
Henrik

Received on Mon Oct 02 2006 - 16:35:14 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:06 MST