> This was answered recently. You have to weigh the risks
> that users of your proxy will use it to abuse the service
> which is supposed to be on those ports against the loss of
> access to these non-standard ports.
>
> You should probably point out to the site that they are
> requiring people to compromise the security on their
> firewalls and proxies.
>
> The default squid configuration permits these port:
>
> 80 21 443 563 70 210 1025-65535
Just out of curiousity - I know about the HTTP CONNECT method, but
what other methods could you use to 'abuse' squid to connect to a non-HTTP
service?
Maybe there should be an acl option that lets you specity which ports
http connect is valid on? I haven't ever seen an encrypted http session
on a port other than 443 (but its bound to exist *somewhere* I'm sure..)
Or am I off track, since this acl is in squid and I'm just not parsing
the conf file right?
Adrian
Received on Mon Aug 02 1999 - 11:15:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:49 MST