Re: ACL Lists

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 21 Oct 1998 11:39:43 +0200

roddy@satlink.com.au wrote:

> OK, I tried the proxy checker of the Squid website, and it said
> access denied, is this a new feature in Squid 2.0? Because with
> 1.21 when you set the ACLs up it didn't allow access to 8080, but
> I see what you are saying by it allowing telnet access, it just
> won't work with their web browser, is this correct?

Squid-2 works in exactly the same way as Squid-1 with regard to this
level of ACL lists. In none of the versions can you deny access to the
proxy port. You can only deny/allow processing of requests sent to the
proxy port.

If you had a Squid-1.1.X setup that completely denied access to the
proxy port then you were using some kind of packet filter, or had Squid
bound on an internal IP address (not "secure" unless combined with a
packet filter).

In both versions you should set up basic request filters that deny
requests to ports like telnet, smtp and other well-known non-WWW
services, especially if you run Squid in a setup where your users' access
to Internet services is limited.

---
Henrik Nordström
Spare time Squid hacker
Received on Wed Oct 21 1998 - 04:10:34 MDT
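
The request filters described in the message above, sketched as a squid.conf fragment. This is an added example, not part of the original message; the directive names are standard squid.conf, the client network 192.0.2.0/24 is a constructed placeholder, and it assumes a Squid release where the `all` ACL is built in.

```conf
# Added example, not from the original message.
# 192.0.2.0/24 is a constructed client network; replace it with the real one.
acl localnet src 192.0.2.0/24

# Destination ports the proxy may be asked to reach.
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl SSL_ports port 443
acl CONNECT method CONNECT

# The first matching http_access line wins, so the denies come first.
# Requests for telnet (23), smtp (25) and every other unlisted port are refused.
http_access deny !Safe_ports
# CONNECT tunnels are limited to the TLS port so they cannot reach other services.
http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access deny all

# These rules decide what Squid does with a request after the TCP connection
# to the proxy port has been accepted. Refusing the connection itself is a
# job for a packet filter in front of Squid.
```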
