Re: Negative caching of access denied errors

From: Greg Stark <gsstark@dont-contact.us>
Date: 23 May 1999 13:51:14 -0400

Reuben Farrelly <reuben-squid@mira.net> writes:

> You'll need to add 81 to the list of "safe ports" in your squid.conf

Indeed, as several people pointed out. It seems the Debian default config only
lists 1025-5000 and a few ports under that. I have no idea why there should be
any distinction between privileged and unprivileged ports (indeed it seems the
security people would be more anxious about tunnelling to unprivileged ports).

<rant>

And I really hope nobody runs production proxies configured to disallow random
ports. If so you seriously degrade service to people using your proxies. Web
sites can and do use any random ports they please, and there's absolutely no
reason they shouldn't.

If you're afraid of people tunnelling other traffic through your proxy then
you can't run a proxy; restricting by ports doesn't stop the black hats but
does seriously affect users. Yet another case of security people valuing
dubious security through obscurity over essential functionality. Hmph.

</rant>

greg
Received on Sun May 23 1999 - 11:35:24 MDT
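The Safe_ports mechanism the thread is arguing about is a pair of squid.conf lines: one or more `acl Safe_ports port ...` lines that enumerate allowed destination ports (single ports or low-high ranges, with multiple lines for the same ACL name merged), and an `http_access deny !Safe_ports` rule that refuses everything else. The following is an added example, not code from the original message or from the Squid project: a small Python checker that reads such a config and reports whether a request to a given URL would clear the Safe_ports rule. The two embedded config fragments are constructed for the example (the "before" one imitates the shape of the default Greg describes, a handful of low ports plus 1025-5000, and is not copied from any real Debian package); only the Safe_ports rule is modelled, not the rest of a real http_access chain.

```python
"""Check which destination ports a squid.conf Safe_ports ACL admits.

Constructed example, not part of the original post or of Squid itself.
"""
import re
from urllib.parse import urlsplit

# Constructed squid.conf fragment, before the fix: port 81 is not listed.
SQUID_CONF_BEFORE = """\
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80 21 443 563 70 210
acl Safe_ports port 1025-5000
http_access deny !Safe_ports
http_access allow all
"""

# Same fragment with 81 added, as the quoted reply recommends.
SQUID_CONF_AFTER = SQUID_CONF_BEFORE.replace(
    "acl Safe_ports port 80 21 443 563 70 210",
    "acl Safe_ports port 80 81 21 443 563 70 210",
)

# Scheme default ports used when the URL carries no explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}


def safe_ports(conf, acl_name="Safe_ports"):
    """Collect (low, high) ranges from every `acl <name> port ...` line.

    Squid merges all lines that share an ACL name, so every line counts.
    A bare port N is returned as (N, N).
    """
    ranges = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.split()
        if (len(parts) < 4 or parts[0] != "acl"
                or parts[1] != acl_name or parts[2] != "port"):
            continue
        for tok in parts[3:]:
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", tok)
            if not m:
                raise ValueError("unparseable port spec %r" % tok)
            lo = int(m.group(1))
            hi = int(m.group(2)) if m.group(2) else lo
            ranges.append((lo, hi))
    return ranges


def denies_unsafe(conf, acl_name="Safe_ports"):
    """True if the config contains an `http_access deny !<acl>` rule."""
    pat = re.compile(r"^\s*http_access\s+deny\s+!%s\s*$" % re.escape(acl_name))
    return any(pat.match(l.split("#", 1)[0]) for l in conf.splitlines())


def url_port(url):
    """Destination port a proxy would connect to for this URL."""
    s = urlsplit(url)
    if s.port is not None:
        return s.port
    if s.scheme not in DEFAULT_PORTS:
        raise ValueError("no default port for scheme %r" % s.scheme)
    return DEFAULT_PORTS[s.scheme]


def allowed(conf, url):
    """Would this config's Safe_ports rule let a client fetch `url`?

    Only the Safe_ports rule is modelled; a real config has further
    http_access lines (and a separate SSL_ports check for CONNECT).
    """
    if not denies_unsafe(conf):
        return True                       # no Safe_ports restriction at all
    port = url_port(url)
    return any(lo <= port <= hi for lo, hi in safe_ports(conf))


if __name__ == "__main__":
    for url in ("http://example.com/", "http://example.com:81/",
                "http://example.com:8080/"):
        print("%-28s before=%-5s after=%s" % (
            url, allowed(SQUID_CONF_BEFORE, url), allowed(SQUID_CONF_AFTER, url)))
```

Run against a real squid.conf by reading the file into `conf`; note that with the "before" fragment port 8080 is also refused, since it lies above the 1025-5000 range, which is exactly the kind of gap the rant complains about.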

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:24 MST