Adam Aube wrote:
Add those two ports to the Safe_ports and SSL_ports acls, then create an http_access rule that denies those two ports unless they are to the relevant servers.
Do these two lines do the job?
acl SSL_ports port 22 443 460 563 1863 5190 10000
acl Safe_ports port 1025-65535 # unregistered ports
And actually I just have this one (should allow every destination IP address to be reached by means of CONNECT method on SSL_ports, right?)
http_access deny CONNECT !SSL_ports
--
-----------------------------------
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
-----------------------------------
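
Added example, not part of either poster's message: a squid.conf sketch of the approach Adam Aube describes, with the extra ports tied to specific destination servers. The thread does not say which two ports or which servers are meant, so ports 22 and 10000 (taken from the SSL_ports line above), the 192.0.2.x addresses and the client range are assumptions, and the acl names tunnel_ports and tunnel_servers are hypothetical.

```conf
# Added example: tunnel_ports / tunnel_servers are hypothetical names;
# ports and addresses are assumed sample values.
acl CONNECT method CONNECT

# Ports that may be tunnelled with CONNECT.
acl SSL_ports port 443 563          # usual entries
acl SSL_ports port 22 10000         # the two extra ports (assumed)

# Ports that may be requested at all.
acl Safe_ports port 80 443 563      # usual entries, abbreviated
acl Safe_ports port 22              # extra port below 1025 (assumed)
acl Safe_ports port 1025-65535      # unregistered ports, covers 10000

# The two extra ports, and the only servers they may be used towards.
acl tunnel_ports port 22 10000
acl tunnel_servers dst 192.0.2.10 192.0.2.11

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Without the next line, a CONNECT to port 22 or 10000 on ANY host
# passes both checks above and reaches whatever allow rule follows.
http_access deny tunnel_ports !tunnel_servers

# Client allow rules come after the denies: the first matching
# http_access line decides the request.
acl localnet src 10.0.0.0/8         # assumed client range
http_access allow localnet
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors before the configuration is reloaded.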
