Re: [SQUI] SQUID as IRC proxy???

From: Miquel van Smoorenburg <>
Date: Sat, 13 Jan 2001 18:02:21 +0000 (UTC)

In article <002b01c07d72$053b73e0$>,
M. Yu <> wrote:
>I didn't notice the dash in 1025-65535. I'll be fixing that. IP-based
>ACL's are in place, Rob. Unfortunately, the prick, err, user is in my
>network. You were right too Miquel. A quick grep in access.log for
>undernet showed the bot using a CONNECT like so:
>979398125.588 43499 TCP_MISS/000 355 CONNECT
>I still don't get how this works though. Anyone care to explain in detail?

CONNECT is a way to proxy https requests. As https requests are
SSL-encrypted, squid can't interpret those sessions. It is also
unable to cache them. The only thing it can do is transparently
proxy them (2-way) to the destination host - and that is exactly
what CONNECT does (it's a HTTP method like like GET, PUT etc).

If the prick, err, user is using this method, it doesn't really
matter if you tighten up Safe-Ports - the line you want to fix
is actually SSL_ports. But if the ircd on
runs on port 443 (which is the default HTTPS port) there's not
much you can do without blocking legitimate HTTPS requests
to other hosts.

Yes, you can ofcourse block the _host_
but like I said, that will only work until the prick, err, user
finds another ircd that runs on port 443.

>And if someone is using my Squid to connect to IRC, what effect does this
>have on Squid's performance?

It will eat 2 filedescriptors and 0.01% cpu


The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to (Miquel van Smoorenburg)
To unsubscribe, see
Received on Sat Jan 13 2001 - 11:05:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:27 MST