Squid : Ports Restrictions
Add this to squid.conf:
# Port Lists
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
Or, as a compact equivalent:
# Port Lists
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
If users on your network access remote servers on non-standard HTTP/S ports that are not listed in squid.conf, their browser will show an error page:
ERROR
The requested URL could not be retrieved
_____
While trying to retrieve the URL: http://xxx.xxx.xxx.xxx:1000 (this is an example)
The following error was encountered:
* Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is webmaster.
This port restriction helps limit unauthorized requests.
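To check which requests these rules reject before deploying them, the two http_access lines can be evaluated offline. The following simulator is an added example, not part of the original post or of Squid itself; it assumes only the `port` and `method` ACL types and first-match rule evaluation, and the host names and addresses passed to it are constructed.

```python
from urllib.parse import urlsplit

# The page's compact rule set, embedded so the example runs offline.
CONF = """
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}

def parse(conf):
    """Collect acl definitions and http_access rules; '#' starts a comment."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 4:
            # Repeated acl lines with the same name accumulate their values.
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    kind, values = acls[name]
    if kind == "method":
        return method in values
    if kind == "port":
        for v in values:
            lo, _, hi = v.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
        return False
    raise ValueError(f"unsupported acl type: {kind}")

def decide(conf, method, target):
    """Return (action, rule) for the first matching rule, else ('no-match', None)."""
    acls, rules = parse(conf)
    if method == "CONNECT":          # CONNECT targets are host:port
        port = int(target.rsplit(":", 1)[1])
    else:
        u = urlsplit(target)
        port = u.port or DEFAULT_PORTS[u.scheme]
    for action, terms in rules:
        # ACLs on one line are ANDed; a leading '!' negates the ACL.
        if all(acl_matches(acls, t.lstrip("!"), method, port) != t.startswith("!") for t in terms):
            return action, " ".join(terms)
    return "no-match", None
```

A `no-match` result means neither deny rule fired and the request moves on to whatever http_access lines follow in the full squid.conf. Note that plain HTTP to any port in 1025-65535 passes these two rules, while CONNECT is held to ports 443 and 563.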





