[squid-users] Need To Limit the Use of CONNECT

2007-01-29 Thread Vadim Pushkin

Hello All;

I would like to limit the use of CONNECT within my squid.conf to just a few 
sites, for now the sites defined by the ACL App-Port-80.  I am considering 
doing this like this:


# Access to App-Port-80 uses port 80 for CONNECT

acl App-Port-80 dst 192.168.111.1
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl all src 0.0.0.0/0
no_cache deny QUERY
http_access deny !Safe_ports
http_access allow CONNECT App-Port-80
http_access deny CONNECT !SSL_ports


I have already begun using this but I do not feel that I am limiting the 
CONNECT ability to just this destination. Also, I may later wish to make use 
of both ports 443 and 80 rather than just 80 as it should be right now.


Any help appreciated.

Regards,

.vp




Re: [squid-users] Need To Limit the Use of CONNECT

2007-01-29 Thread Dieter Bloms
Hi,

On Mon, Jan 29, Vadim Pushkin wrote:

> I would like to limit the use of CONNECT within my squid.conf to just a few
> sites, for now the sites defined by the ACL App-Port-80.  I am
> considering doing this like this:
>
> # Access to App-Port-80 uses port 80 for CONNECT
>
> acl App-Port-80 dst 192.168.111.1
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0
> no_cache deny QUERY
> http_access deny !Safe_ports
> http_access allow CONNECT App-Port-80
> http_access deny CONNECT !SSL_ports

you have no acl for QUERY, Safe_ports, so I removed them from my example.

if you want only the CONNECT method to port 80 and 443 for dest
192.168.111.1, then you have to do the following:

acl App-Port-80 dst 192.168.111.1
acl SSL_ports port 80 443
acl CONNECT method CONNECT
http_access allow CONNECT App-Port-80 SSL_ports
http_access deny all


-- 
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
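
Added example, not part of either poster's message: a small Python model of how Squid evaluates http_access lines (first matching line wins, ACLs on one line are ANDed, and when nothing matches the result is the opposite of the last line), run over the two rule sets from this thread. It assumes the lines shown are the complete http_access list, leaves out the lines that use the undefined QUERY and Safe_ports ACLs, and uses constructed sample requests; all function and variable names are illustrative.

```python
# Added example: a simplified model of Squid's http_access evaluation.
# Assumptions: the lines below are the complete http_access list and the
# requests are constructed samples; dst is compared as a literal IP.

def make_acls(ssl_ports):
    """ACL name -> predicate, mirroring the acl lines quoted in the thread."""
    return {
        "App-Port-80": lambda r: r["dst"] == "192.168.111.1",
        "SSL_ports": lambda r: r["port"] in ssl_ports,
        "CONNECT": lambda r: r["method"] == "CONNECT",
        "all": lambda r: True,
    }

def decide(rules, acls, req):
    """Return 'allow' or 'deny' for req under an ordered http_access list."""
    last = None
    for line in rules:
        _, action, *names = line.split()
        last = action
        # Every ACL on a line must match (AND); a leading "!" negates it.
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action  # first matching line wins
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if last == "allow" else "allow"

ORIGINAL = (["http_access allow CONNECT App-Port-80",
             "http_access deny CONNECT !SSL_ports"], make_acls({443, 563}))
REPLY = (["http_access allow CONNECT App-Port-80 SSL_ports",
          "http_access deny all"], make_acls({80, 443}))

SAMPLES = [  # constructed requests; 203.0.113.10 is a documentation address
    {"method": "CONNECT", "dst": "192.168.111.1", "port": 80},
    {"method": "CONNECT", "dst": "192.168.111.1", "port": 22},
    {"method": "CONNECT", "dst": "203.0.113.10", "port": 443},
    {"method": "CONNECT", "dst": "203.0.113.10", "port": 8080},
    {"method": "GET", "dst": "203.0.113.10", "port": 80},
]

def compare():
    """One (original, reply) decision pair per sample request."""
    return [(decide(*ORIGINAL, r), decide(*REPLY, r)) for r in SAMPLES]

if __name__ == "__main__":
    for req, (orig, reply) in zip(SAMPLES, compare()):
        print(f'{req["method"]:7} {req["dst"]}:{req["port"]:<5} '
              f'original={orig:5} reply={reply}')
```

The last sample shows that the reply's `http_access deny all` also refuses ordinary non-CONNECT requests, so any other traffic that should pass needs its own allow line above it.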

