21-Mar-02 at 09:10, Simon White (simon@mtds.com) wrote :
> There's no point transparently caching SSL, since it is not cached by squid
> but just forwarded.
>
> But in any case in terms of ipchains you can redirect the different ports to
> Squid and it _should_ work : SSL on 443 and FTP on 21, of course.
NOTE: on reflection, this probably won't work. I think it only works for non
transparent setups.
I can't test it right now, anybody else have this working? I can see it being
useful to force people through the proxy in order to deny based on acl, rather
than opening everyone to be able to get at ports 443 and 21.
However, here is a workaround:
Only allow the proxy box access to ports 443 and 21 via the firewall: this
will force users to go via the proxy manually for SSL and FTP.
Others on the list may have better solutions.
-- John Lennon:--v [Simon White. vim/mutt/Linux. simon@mtds.com. GIMPS: 48.08%] Sometimes we sit and read other people's interpretations of our lyrics and think, 'Hey, that's pretty good.' If we liked it, we would keep our mouths shut and just accept the credit as if it was what we meant all along.Received on Thu Mar 21 2002 - 02:55:52 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:01 MST