Jan,
Jan Groenewald wrote:
> Hi
>
> On Mon, Jun 11, 2007 at 01:15:02PM +0100, Neil A. Hillard wrote:
>> Although you have 1024-6000 listed in safe_ports, that will only allow
>> access for http. You are attempting to use https so you will also need
>> to list it in ssl_ports.
>
> It is not normal to have an application request CONNECT on many ports
> in 4000-6000, right?
Definitely not! It would allow the user to create a tunnel to anything!
You could just add port 4000 to ssl_ports if that's what you want.
Here, we need to connect to some services on non-standard ports
(although we do our best to get the service provider to change it to a
standard port) so I combine the port, CONNECT and dstdomain to only
allow them out to that one service.
HTH,
Neil.
--
Neil Hillard [EMAIL PROTECTED]
AgustaWestland http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
views of Westland Helicopters Ltd.
