On Thu, 8 Jul 2004, Michael Gale wrote:
> Hello,
>
> I have the following ACL's:
>
> ##### Protocol restrictions
> acl goodhttp proto HTTP
> acl goodftp proto FTP
> acl goodhttps proto CONNECT
> http_access deny !goodhttp httpstand_ports
> http_access deny !goodftp ftpstand_ports
> http_access deny !goodhttps SSL_ports
Shouldn't this be
http_access deny goodhttp !httpstand_ports
i.e. deny HTTP access to no-HTTP ports, not deny non-HTTP access to HTTP
ports.
> ##### Methods and browsers
> acl goodmethod method GET
> acl goodmethod method HEAD
> acl goodmethod method POST
> http_access deny !goodmethod httpstand_ports
>
> Which should only allow HTTP GET and POST request. I used lftp setting it to use squid for ftp connections and was able
> to upload a file. Now the cache.log says it was ALLOWED but the access.log shows a error ... the file was upload
> successfully.
The above says nothing about FTP uploads. It only limits the methods
allowed when accessing httpstand_ports (this I presume does not include
the FTP port).
jI think you want something like
acl goodhttpmethod method GET HEAD POST
acl deny goodftp !goothttpmethod
[repeat for each protocol]
Regards
Henrik
Received on Sun Jul 25 2004 - 10:53:18 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT