On 15/04/2017 3:22 a.m., Matus UHLAR - fantomas wrote: > On 13.04.17 06:16, Amos Jeffries wrote: >> What are peoples opinions about making the following items built-in >> defaults? >> >> acl Safe_ports port 21 80 443 >> acl CONNECT_ports port 443 >> acl CONNECT method CONNECT > > shouldn't that be more like following? > > acl Safe_ports port 80 > acl CONNECT_ports port 21 443 > >> http_acces deny !Safe_ports >> http_access deny CONNECT !CONNECT_ports > >
No. The !Safe_ports would deny port 21 and 443 usage. SSL_ports/CONNECT_ports is a sub-set of safe ports whre CONNECT is also potentially permitted. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
