Re: [squid-users] Need To Limit the Use of CONNECT

From: Dieter Bloms <dieter@dont-contact.us>
Date: Tue, 30 Jan 2007 08:35:34 +0100

Hi,

On Mon, Jan 29, Vadim Pushkin wrote:

> I would like to limit the use of CONNECT within my squid.conf to just a few
> sites, for now the sites defined by the ACL "App-Port-80". I am
> considering doing this like this:
>
> # Access to App-Port-80 uses port 80 for CONNECT
>
> acl App-Port-80 dst 192.168.111.1
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0
> no_cache deny QUERY
> http_access deny !Safe_ports
> http_access allow CONNECT App-Port-80
> http_access deny CONNECT !SSL_ports

You have no ACL for QUERY or Safe_ports, so I removed them from my example.

If you want only the CONNECT method to ports 80 and 443 for dest
192.168.111.1, then you have to do the following:

acl App-Port-80 dst 192.168.111.1
acl SSL_ports port 80 443
acl CONNECT method CONNECT
http_access allow CONNECT App-Port-80 SSL_ports
http_access deny all

-- 
Regards
  Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.

Received on Tue Jan 30 2007 - 00:35:40 MST
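
Added example (not part of the original message and not Squid's own code): a small Python model of how Squid evaluates http_access lines, run over the two rule sets in this thread to show which requests each one lets through. It assumes each fragment is the complete http_access list, that the line using the undefined Safe_ports ACL is dropped, and that destinations are already resolved to IP addresses; the sample requests are constructed.

```python
# Minimal model of Squid http_access evaluation (added example, not Squid code).
# Assumptions: each fragment is the complete http_access list and the
# destination is already resolved to an IP address.

ACLS_ORIGINAL = {
    "App-Port-80": lambda r: r["dst"] == "192.168.111.1",
    "SSL_ports": lambda r: r["port"] in (443, 563),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "all": lambda r: True,
}
RULES_ORIGINAL = [  # Safe_ports line omitted: that ACL is undefined in the post
    ("allow", ["CONNECT", "App-Port-80"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
]

ACLS_REPLY = dict(ACLS_ORIGINAL, SSL_ports=lambda r: r["port"] in (80, 443))
RULES_REPLY = [
    ("allow", ["CONNECT", "App-Port-80", "SSL_ports"]),
    ("deny", ["all"]),
]

def http_access(rules, acls, req):
    """First rule whose ACLs all match wins; ACLs on one line are ANDed."""
    for action, names in rules:
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample requests.
SAMPLES = [
    {"method": "CONNECT", "dst": "192.168.111.1", "port": 80},
    {"method": "CONNECT", "dst": "192.168.111.1", "port": 22},
    {"method": "CONNECT", "dst": "203.0.113.7", "port": 443},
    {"method": "CONNECT", "dst": "203.0.113.7", "port": 25},
    {"method": "GET", "dst": "203.0.113.7", "port": 80},
]

def compare():
    """Return (method, dst, port, original verdict, reply verdict) per sample."""
    return [(r["method"], r["dst"], r["port"],
             http_access(RULES_ORIGINAL, ACLS_ORIGINAL, r),
             http_access(RULES_REPLY, ACLS_REPLY, r)) for r in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print("%-8s %-14s %-4d original=%-5s reply=%s" % row)
```

Under these assumptions the first rule set allows CONNECT to any port on 192.168.111.1 and falls through to an implicit allow for requests no line matches, while the second allows only CONNECT to ports 80 and 443 on that host and denies everything else, ordinary GET requests included.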
