Had this problem a week ago but thanks to the guys on the list, I already
solved it. How'd I do it?
Well, simply change this:
http_access deny CONNECT !Safe_ports (this line permits the CONNECT method
to be used in ports define in your Safe_ports ACL)
to this:
http_access deny CONNECT (this denies the CONNECT method outright no matter
which port they connect to)
Note however that this will disable secure HTTP connections thru your proxy
so if you configured your browsers to use your proxy server as a secure HTTP
proxy (not a recommended course of action IMHO), then don't do this. One
final note, make sure the http_access line that allows your domain's IPs to
access your proxy appears AFTER the above line. In my experience, if the
http_access line that allows my IPs to access my proxy, Squid stops there
and let's the IRC client in ignoring the fact that I disallowed the CONNECT
method. My squid.conf looks like this:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT
http_access allow localhost
http_access allow my_ip_block
Oh yeah for pure enjoyment, log on to IRC the user is connecting to, restart
squid with the modifications in place, sit back, relax and watch the
connection time out :) You could also try watching him retry to connect,
and fail, by doing a tail -f /var/log/squid/access.log (then again you may
not be as sadistic a sysadmin as I am).
Cheers!
M. Yu
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Sat Jan 20 2001 - 02:22:40 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:30 MST