Thank you to all who have replied, all replies were extremely helpful. I am
now unable to ssh using this proxy, though I am still unable to use the
cachemgr.cgi.
Squid is by far one of the best tools I've had the pleasure of using and I
look forward to learning more.
.vp
Vadim
From: Chris Robertson <crobertson@xxxxxxx>
ons 2006-04-05 klockan 17:13 +0000 skrev Vadim Pushkin:
Also, I am able to ssh out using my proxy, and I wish not to.
Your access controls allows CONNECT to unwanted ports...
Note: The suggested default rules restricts CONNECT to only two well
known SSL ports for good reasons..
Regards
Henrik
Specifically, you've placed your http_access allow lines above the
http_access deny lines. You might benefit from perusing the FAQ on access
controls (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html).
In short, if you move your network specific http_access lines below the
line that reads...
http_access deny CONNECT !SSL_Ports
... but above the line that reads...
http_access deny all
...you should be allowing just the access that you want. Also, you might
want to get rid of the http_reply_access lines that you added to the
default config.
Chris
