Dear all,

 Sorry for the late reply. After further tracking, I
managed to re-check the squid configuration files, and
below is the ACL list:

acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny Bad_Domains
http_access deny Bad_Ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow our_networks
http_access allow manager localhost

I purposely did not include the bad_domains ACL
because it is rather long and would have got messed
up when posted to the mailing list. I can
confirm that the ACL is correct anyway.

After restarting squid, I viewed the access.log file to
watch for CONNECT strings. Well, this time it is
different. There is no more TCP_MISS:DIRECT at
the end of the log; instead, I got TCP_DENIED. Does
this mean I have successfully blocked those p2p or
tunneling programs?


--- Henrik Nordstrom <[EMAIL PROTECTED]> wrote:

> On Mon, 10 Jan 2005, Diamond King wrote:
> 
> > I've checked the configuration file and it seems
> > that only port 443 and 563 were connected to the
> > SSL_Ports acl rule.
> 
> You then have some error in your http_access rules,
> allowing things you did not intend to allow.
> 
> >>> 192.168.25.220 - - [10/Jan/2005:11:24:38 +0800]
> >>> "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223
> >>> TCP_MISS:DIRECT
> 
> > What's the usage of port 563 anyway?
> 
> nntps, NNTP over SSL. Supported by many browsers and
> is why it is in the default allowed list.
> 
> > By the way, any other way to check what exactly
> > those logs are for? Is it an attempt by kazaa users?
> > Thanks again!
> 
> If you are lucky then a meaningful user-agent string
> is included.. visible if you enable log_mime_hdrs.
> But most likely this is blank or forged.
> 
> Regards
> Henrik
> 

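Added example (editor's note, not part of the thread and not Squid's code): a small Python model of how Squid walks the http_access list posted above. The first line whose ACLs all match wins, and a request matching no line gets the opposite of the last line's action. It is run over constructed access.log lines in the same common format as the line quoted in the thread, so the prediction of the rules can be compared with what the proxy actually logged. The contents of Bad_Domains, Bad_Ports and our_networks were not posted, so the values below are assumptions, as is the 192.168.25.0/24 LAN inferred from the logged client address.

```python
"""Model of Squid's first-match http_access evaluation, checked against access.log lines.
Added illustration; ACL contents marked 'assumption' were not in the posted config."""
import ipaddress
import re

# ---- ACLs mirrored from the posted squid.conf -------------------------------------
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))
SSL_PORTS = {443, 563}
BAD_DOMAINS = {"example-p2p.test"}                    # assumption: stands in for the omitted list
BAD_PORTS = {1214}                                    # assumption: stands in for the omitted list
OUR_NETWORKS = [ipaddress.ip_network("192.168.25.0/24")]  # assumption: LAN of the logged client
LOCALHOST = ipaddress.ip_network("127.0.0.0/8")

ACLS = {
    "Bad_Domains":  lambda r: any(r["host"] == d or r["host"].endswith("." + d) for d in BAD_DOMAINS),
    "Bad_Ports":    lambda r: r["port"] in BAD_PORTS,
    "Safe_ports":   lambda r: r["port"] in SAFE_PORTS,
    "SSL_ports":    lambda r: r["port"] in SSL_PORTS,
    "CONNECT":      lambda r: r["method"] == "CONNECT",
    "localhost":    lambda r: ipaddress.ip_address(r["src"]) in LOCALHOST,
    "our_networks": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in OUR_NETWORKS),
    "manager":      lambda r: r["scheme"] == "cache_object",   # acl manager proto cache_object
}

# http_access lines exactly in the posted order; order is what decides the outcome
HTTP_ACCESS = [
    ("deny",  ["Bad_Domains"]),
    ("deny",  ["Bad_Ports"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["localhost"]),
    ("allow", ["our_networks"]),
    ("allow", ["manager", "localhost"]),
]


def parse_request(src, method, url):
    """Turn request-line fields into the dict the ACL predicates inspect."""
    if method == "CONNECT":                     # CONNECT carries only host:port
        host, _, port = url.rpartition(":")
        return {"src": src, "method": method, "scheme": "", "host": host, "port": int(port)}
    m = re.match(r"(\w+)://([^/:]+)(?::(\d+))?", url)
    scheme, host, port = m.group(1), m.group(2), m.group(3)
    default = {"http": 80, "https": 443, "ftp": 21}.get(scheme, 80)
    return {"src": src, "method": method, "scheme": scheme, "host": host,
            "port": int(port) if port else default}


def acl_matches(term, req):
    """A leading '!' negates the ACL, as in squid.conf."""
    name = term.lstrip("!")
    return ACLS[name](req) != term.startswith("!")


def evaluate(req, rules=HTTP_ACCESS):
    """First line whose ACLs all match wins; otherwise the inverse of the last line."""
    for action, terms in rules:
        if all(acl_matches(t, req) for t in terms):
            return action, " ".join([action] + terms)
    return ("deny" if rules[-1][0] == "allow" else "allow"), "no line matched"


# Squid "common" log format, as in the line quoted in the thread
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]+" (\d{3}) \d+ (\S+)')


def audit(lines):
    """Per log line: what the posted rules predict versus what Squid actually logged."""
    out = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                        # skip lines in another format
        src, method, url, _status, result = m.groups()
        predicted, rule = evaluate(parse_request(src, method, url))
        logged = "deny" if result.startswith("TCP_DENIED") else "allow"
        out.append({"src": src, "request": f"{method} {url}", "predicted": predicted,
                    "by": rule, "logged": logged, "consistent": predicted == logged})
    return out


SAMPLE_LOG = [
    # the line quoted in the thread: CONNECT to a high port, served under the old config
    '192.168.25.220 - - [10/Jan/2005:11:24:38 +0800] "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223 TCP_MISS:DIRECT',
    # constructed: the same request once "deny CONNECT !SSL_ports" takes effect
    '192.168.25.220 - - [11/Jan/2005:09:02:11 +0800] "CONNECT 213.103.81.214:3518 HTTP/1.0" 403 1098 TCP_DENIED:NONE',
    # constructed: an ordinary HTTPS tunnel from the LAN stays allowed
    '192.168.25.220 - - [11/Jan/2005:09:03:40 +0800] "CONNECT www.example.com:443 HTTP/1.0" 200 3910 TCP_MISS:DIRECT',
    # constructed: plain HTTP from outside our_networks falls through to the implicit deny
    '10.9.8.7 - - [11/Jan/2005:09:05:02 +0800] "GET http://www.example.com/ HTTP/1.0" 403 1098 TCP_DENIED:NONE',
]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        flag = "" if row["consistent"] else "   <-- log disagrees with the posted rules"
        print(f'{row["src"]:15} {row["request"]:36} rules={row["predicted"]:5} '
              f'({row["by"]}) log={row["logged"]}{flag}')
```

The first sample line, the one from the thread, is flagged because the posted rules say `deny CONNECT !SSL_ports` but the log shows the tunnel was served, which is the mismatch Henrik pointed at. Once the same request logs as TCP_DENIED the two agree. The check only says the proxy refused that request; whether a client can still reach the same peer without going through Squid is a firewall question the log cannot answer.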