On Tue, 2005-02-08 at 21:56 -0800, thomas wrote: > > What is "Safe_ports" and why is this ACL there? > > > > - Sandip > > Dear Sandip > Safe_ports acl and http_access staements are in squid.conf that comes > with package. I am sending what is available in default conf file > > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > http_access deny !Safe_ports > > Any help based on this is appreciated. >
My point was that this line is probably causing all the trouble. You either use Safe_ports in combination with other "http_access allow" ACLs, or remove(or comment) the line "http_access allow Safe_ports" and try again. Squid ACLs are processed from top to bottom and the first condition which matches wins. In this case, the line "http_access allow Safe_ports" used just stand alone, allows any body to use the proxy when the Safe_ports ports are accessed - which is like everybody is allowed. - Sandip -- Sandip Bhattacharya * Puroga Technologies * [EMAIL PROTECTED] Work: http://www.puroga.com * Home/Blog: http://www.sandipb.net/blog PGP/GPG Signature: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3 _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/