> -----Original Message----- > From: LeKeiserAmen [mailto:LeKeiser@xxxxxxxxxxxx] > Sent: Wednesday, November 23, 2005 11:48 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re[2]: https Webmin using port 12000 > doesn't work > anymore with Squid > > > Hello Joost, > > Wednesday, November 23, 2005, 10:02:25 AM, you wrote: > > >> Since I have installed Squid on my Debian 3.1, I > cannot use Webmin > >> anymore. > >> I get the error : > >> 1132704539.351 0 192.168.1.10 TCP_DENIED/403 1414 CONNECT > >> 192.168.1.1:12000 - NONE/- text/html > >> 1132704539.473 121 192.168.1.10 TCP_DENIED/403 1414 CONNECT > >> 192.168.1.1:12000 - NONE/- text/html > > >> acl SSL_ports port 443 563 # https, snews > >> acl SSL_ports port 873 # rsync > >> http_access deny CONNECT !SSL_ports > > JdH> Voila, the reason. > > JdH> Joost > > I don't understand. > acl SSL_ports port 443 563 defines ACL, and http_access deny CONNECT > !SSL_ports denies all but the SSL_ports ACL, right? > And since I created an acl for the port 12000 and have put http_access > deny !Safe_ports, then all the ports in Safe_ports are allowed, as are > the SSL_ports. > Or did I miss something? The CONNECT method is only allowed to ports 443, 563 and 873 (deny CONNECT, unless it's to a port listed in SSL_Ports). If you add... acl SSL_Ports port 12000 # Webmin ...to your ACL list you would be set. Even better would be to define your Webmin host, and allow it specifically. Instead of adding the above, add... acl webmin_host dstdomain webmin.mynet.dom acl webmin_port port 12000 http_access allow CONNECT webmin_host webmin_port http_access deny CONNECT !SSL_ports # Existing line > > Cheers, > > -- > Best regards, > LeKeiserAmen > mailto: LeKeiser@xxxxxxxxxxxx > > Chris
