I want to configure ATS as a forward proxy to our customers, but don't
want them to access our internal hosts. I.e. only proxy to Internet,
not to intranet. With Squid we would use ACLs to limit access by both
destination IP and maybe also port:

    acl to_internal dst 192.168.0.0/16
    acl Safe_ports port 80
    acl Safe_ports port 1025-65535 # unregistered ports
    acl SSL_ports port 443
    http_access deny to_internal
    http_access deny CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

Can an ATS in forward mode be similarly hardened?
-jf
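
Added example, not part of the original message and not Squid or ATS code: a small Python model of the Squid rules quoted above, evaluated first-match-wins, to check what the policy actually permits before porting it to another proxy. It assumes the destination is already resolved to an IP; the sample requests are constructed, and the names `evaluate`, `RULES` and `SAMPLES` are illustrative.

```python
import ipaddress

# ACL definitions copied from the Squid snippet in the message.
TO_INTERNAL = ipaddress.ip_network("192.168.0.0/16")
SAFE_PORTS = [range(80, 81), range(1025, 65536)]
SSL_PORTS = [range(443, 444)]


def _in(port, ranges):
    return any(port in r for r in ranges)


# http_access lines in the order the message lists them: (label, predicate).
RULES = [
    ("deny to_internal", lambda m, ip, p: ip in TO_INTERNAL),
    ("deny CONNECT", lambda m, ip, p: m == "CONNECT"),
    ("deny !Safe_ports", lambda m, ip, p: not _in(p, SAFE_PORTS)),
    ("deny CONNECT !SSL_ports",
     lambda m, ip, p: m == "CONNECT" and not _in(p, SSL_PORTS)),
]


def evaluate(method, dst_ip, port):
    """Return (action, rule). The first matching http_access line decides."""
    ip = ipaddress.ip_address(dst_ip)
    for label, pred in RULES:
        if pred(method, ip, port):
            return ("deny", label)
    # Squid's documented fallback when no line matches is the opposite of
    # the last line; the last line here is a deny, so the fallback is allow.
    return ("allow", "default")


# Constructed sample requests (203.0.113.0/24 is a documentation range).
SAMPLES = [
    ("GET", "192.168.10.5", 80),      # inside to_internal
    ("GET", "203.0.113.10", 80),      # external, safe port
    ("GET", "203.0.113.10", 443),     # 443 is not listed in Safe_ports
    ("CONNECT", "203.0.113.10", 443), # caught by the blanket CONNECT deny
    ("GET", "10.1.2.3", 8080),        # private range outside 192.168.0.0/16
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", evaluate(*sample))
```

Two things the run makes visible: the blanket `deny CONNECT` line matches before `deny CONNECT !SSL_ports` is ever reached, and any internal range other than 192.168.0.0/16 is not covered by `to_internal` as written.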