Please don't top post (which is putting your reply above the original message) - it makes the thread hard to follow.
Chavdar Videff wrote: > On Tuesday 04 January 2005 04:45, Ow Mun Heng wrote: >> Look at the SSL_ports or SSL_safe_ports (can't remember the exact name) >> and put in the ports for ICQ and others there. >> That's just neccesary for them to use the CONNECT method for connecting. >> Note that these are _not_ proxying requests. Your box just acts as >> forwarders. > Sorry but this didn't work. Can the reason be that squid was not > configured with --enable-ssl option? That is for using SSL reverse proxying - it has nothing to do with normal (forward) proxy setups. > Would it be less secure if i just allow ICQ to pass > through the iptables firewall and SNAT in POSTROUTING chain? It's no less secure than CONNECT tunneling, and from Squid's standpoint it may be more secure - fewer ports on which CONNECT is allowed. Adam
