RE: [squid-users] Re[2]: https Webmin using port 12000 doesn't work anymore with Squid

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 23 Nov 2005 11:59:54 -0900

> -----Original Message-----
> From: LeKeiserAmen [mailto:LeKeiser@lekeiser.com]
> Sent: Wednesday, November 23, 2005 11:48 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Re[2]: https Webmin using port 12000 doesn't work anymore with Squid
>
>
> Hello Joost,
>
> Wednesday, November 23, 2005, 10:02:25 AM, you wrote:
>
> >> Since I have installed Squid on my Debian 3.1, I cannot use Webmin
> >> anymore.
> >> I get the error:
> >> 1132704539.351 0 192.168.1.10 TCP_DENIED/403 1414 CONNECT 192.168.1.1:12000 - NONE/- text/html
> >> 1132704539.473 121 192.168.1.10 TCP_DENIED/403 1414 CONNECT 192.168.1.1:12000 - NONE/- text/html
>
> >> acl SSL_ports port 443 563 # https, snews
> >> acl SSL_ports port 873 # rsync
> >> http_access deny CONNECT !SSL_ports
>
> JdH> Voila, the reason.
>
> JdH> Joost
>
> I don't understand.
> acl SSL_ports port 443 563 defines ACL, and http_access deny CONNECT
> !SSL_ports denies all but the SSL_ports ACL, right?
> And since I created an acl for the port 12000 and have put http_access
> deny !Safe_ports, then all the ports in Safe_ports are allowed, as are
> the SSL_ports.
> Or did I miss something?

The CONNECT method is only allowed to ports 443, 563 and 873 (deny CONNECT, unless it's to a port listed in SSL_Ports). If you add...

acl SSL_Ports port 12000 # Webmin

...to your ACL list you would be set. Even better would be to define your Webmin host, and allow it specifically. Instead of adding the above, add...

acl webmin_host dstdomain webmin.mynet.dom
acl webmin_port port 12000
http_access allow CONNECT webmin_host webmin_port
http_access deny CONNECT !SSL_ports # Existing line

>
> Cheers,
>
> --
> Best regards,
> LeKeiserAmen
> mailto: LeKeiser@lekeiser.com
>
>

Chris
Received on Wed Nov 23 2005 - 13:59:56 MST
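
The rule ordering discussed in this thread, as an added example that is not part of the original messages and is not Squid code: a small Python model of http_access evaluation showing why passing "deny !Safe_ports" does not allow the request, and how the host-specific allow changes the outcome. The rule order, the final "allow all" line, the Safe_ports contents and the sample requests are assumptions made for the illustration.

```python
# Added illustration, not Squid source: a small model of http_access evaluation.
# Rules are checked top to bottom; a rule matches only if every ACL on it
# matches ("!" negates); the first matching rule decides.

ACLS = {
    "all":         lambda r: True,
    "CONNECT":     lambda r: r["method"] == "CONNECT",
    "SSL_ports":   lambda r: r["port"] in {443, 563, 873},
    # Assumption: the poster's Safe_ports list, with 12000 added as he describes.
    "Safe_ports":  lambda r: r["port"] in {80, 443, 563, 873, 12000},
    "webmin_host": lambda r: r["host"] == "webmin.mynet.dom",
    "webmin_port": lambda r: r["port"] == 12000,
}

ORIGINAL = [
    "deny !Safe_ports",         # assumed to come first, order is not on the page
    "deny CONNECT !SSL_ports",
    "allow all",                # assumption: stands in for the rest of the config
]

# The suggestion from the reply: the specific allow goes before the CONNECT deny.
FIXED = ORIGINAL[:1] + ["allow CONNECT webmin_host webmin_port"] + ORIGINAL[1:]

def acl_matches(name, req):
    negate = name.startswith("!")
    result = ACLS[name.lstrip("!")](req)
    return not result if negate else result

def evaluate(rules, req):
    """Return (action, deciding_rule) for a request dict."""
    for rule in rules:
        action, *names = rule.split()
        if all(acl_matches(n, req) for n in names):
            return action, rule
    # No rule matched: Squid applies the opposite of the last rule's action.
    last = rules[-1].split()[0]
    return ("deny" if last == "allow" else "allow"), None

# Constructed sample requests.
WEBMIN = {"method": "CONNECT", "host": "webmin.mynet.dom", "port": 12000}
OTHER = {"method": "CONNECT", "host": "other.example", "port": 12000}
HTTPS = {"method": "CONNECT", "host": "other.example", "port": 443}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for req in (WEBMIN, OTHER, HTTPS):
            print(label, req["host"], req["port"], evaluate(rules, req))
```

With the host-specific rule, CONNECT to port 12000 is allowed only for webmin.mynet.dom; any other destination on that port still reaches the "deny CONNECT !SSL_ports" line.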
