Re: [squid-users] Safe_ports ACL (or not) and low-numbered ports

From: Kinkie <gkinkie@dont-contact.us>
Date: Fri, 20 Apr 2007 10:14:53 +0200

On 4/20/07, Joe Mailander <jlm@efn.org> wrote:

> Can any of you using such an approach (allow http_access to
> everything minus a few denied ports) let me know if you've used the
> Dangerous_ports ACL out of the FAQ, or if it in reality needs to
> include other ports? The squid box will be busy enough without
> having to relay the world's (or the university's) spam or malware :-)

Generally speaking, there is no rule in place to force using any
specific port on any specific site.
Also generally speaking, it is a widely accepted best practice when
dealing with security issues to follow a "deny by default, allow what
is needed" approach.

I recommend that you follow the default approach, reconfiguring squid
to allow specific sites on an as-needed basis.

-- 
    /kinkie
Received on Fri Apr 20 2007 - 02:14:57 MDT
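
An added example, not part of the original message or of the Squid FAQ: a squid.conf fragment that keeps the Safe_ports deny-by-default policy as shipped in the default squid.conf and adds one per-site exception for a low-numbered port, as the reply recommends. The localnet range, the lowport_* ACL names, the host name and port 81 are assumptions made for illustration.

```conf
# Port policy as shipped in the default squid.conf: anything not
# listed in Safe_ports is refused.
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Assumed client network (constructed documentation range).
acl localnet src 192.0.2.0/24

# Hypothetical exception: one named site serves HTTP on port 81.
# ACLs on one http_access line are ANDed, so this matches only
# local clients asking for that host on that port.
acl lowport_site dstdomain intranet.example.edu
acl lowport_port port 81

# http_access rules are evaluated top to bottom and the first match
# wins, so the narrow exception must come before the Safe_ports deny.
http_access allow localnet lowport_site lowport_port

# Deny by default: refuse every port not in Safe_ports, and refuse
# CONNECT tunnels to anything other than the SSL ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Only then let the local clients through; nobody else may relay.
http_access allow localnet
http_access deny all
```

Run `squid -k parse` after editing to check the syntax, then `squid -k reconfigure` to load the change.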
