Re: SSL_ports

From: David Luyer <luyer@dont-contact.us>
Date: Tue, 15 Dec 1998 10:11:20 +0800

> Can someone explain the need for this ACL (SSL_ports)?

SSL_ports is used as the list of ports you can do a method CONNECT connection
to. If there's no ACL controlling your method CONNECT connections, then any
of your cache clients can connect to any port on any server through your proxy.
This is potentially very bad as it permits them to use your cache for hacking
purposes.

The latest Squid releases also have a Safe_ports ACL to control all other
connections other than SSL, for example to prevent telnet through the cache
using the POST method.

David.
Received on Mon Dec 14 1998 - 21:08:02 MST
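
The two ACLs described in the reply above, shown as a squid.conf fragment. This is an added example, not part of the original message or of any particular Squid release's shipped configuration; the port lists and the `localnet` ACL with its address range are assumptions chosen for illustration.

```conf
# Added example (not from the original message). Port lists are illustrative.

# Ports a client may reach with the CONNECT method (tunnelled SSL traffic).
acl SSL_ports port 443 563

# Ports a client may reach with any other method (GET, POST, ...).
acl Safe_ports port 80 21 443 563 70 210 1025-65535

# Matches requests that use the CONNECT method.
acl CONNECT method CONNECT

# Hypothetical client network; the name and range are constructed.
acl localnet src 192.0.2.0/24

# Weak setting, for comparison: with only the two lines below and no port
# restrictions, any client in localnet can CONNECT to any port on any server.
#   http_access allow localnet
#   http_access deny all

# Corrected ordering: http_access rules are checked top to bottom and the
# first match decides, so the port restrictions must come before the allow.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
```

With this ordering a CONNECT request to a port outside SSL_ports, for example port 25, is refused before the client allow rule is ever evaluated.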
