roddy@satlink.com.au wrote:
> Ok i tried the proxy checker of the squid website, and it said
> access denied, is this a new feature in squid 2.0? Because with
> 1.21 when you set the acls up it didnt allow access to 8080, but
> i see what you are saying by it allowing telnet access, it just
> wont work with their web browser, this correct?
Squid-2 works in exacly the same way as Squid-1 with regard to this
level of ACL lists. In none of the versions you can deny access to the
proxy port. You can only deny/allow processing of requests sent to the
proxy port.
If you had a Squid-1.1.X setup that completely denied access to the
proxy port then you was using some kind of packet filter, or had Squid
bound on a internal IP address (not "secure" unless combined with a
packet filter).
In both versions you should set up basic request filters that denies
requests to ports like telnet, smtp and other well known non-WWW
services, especially if you run Squid in a setup where your users access
to Internet services is limited.
--- Henrik Nordström Spare time Squid hackerReceived on Wed Oct 21 1998 - 04:10:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:37 MST