Henrik Nordstrom wrote:
ons 2006-04-05 klockan 17:13 +0000 skrev Vadim Pushkin:
Also, I am able to ssh
out using my proxy, and I wish not to.
Your access controls allows CONNECT to unwanted ports...
Note: The suggested default rules restricts CONNECT to only two well
known SSL ports for good reasons..
Regards
Henrik
Specifically, you've placed your http_access allow lines above the
http_access deny lines. You might benefit from perusing the FAQ on
access controls (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html).
In short, if you move your network specific http_access lines below the
line that reads...
http_access deny CONNECT !SSL_Ports
... but above the line that reads...
http_access deny all
...you should be allowing just the access that you want. Also, you
might want to get rid of the http_reply_access lines that you added to
the default config.
Chris
