On Thu, Jan 07, 1999 at 10:51:52PM +1300, Chris Wedgwood wrote:
>
> Why -- I only allow people to use connect with 443 and 563 -- I see
> no reason for them to use a squid proxy a connection on any other
> port.
That's your call - I've found that users here access sites running on all
sorts of ports - for valid business sites. Don't ask me why these people run
web servers on wierd port numbers, I'm not running their sites :-)
Deny all port numbers but those you "trust" is bogus anyway. If I wanted to
tunnel into/out of a network, I'd ensure I ran my tunnel on port 80/443
anyway - try stopping that...
CONNECT is hell... (strange that the "secure" portion of HTTP has become one
of the most dangerous...)
--
Cheers
Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
