On 4/20/07, Joe Mailander <jlm@xxxxxxx> wrote:
> Can any of you using such an approach (allow http_access to everything minus a few denied ports) let me know if you've used the Dangerous_ports ACL out of the FAQ, or if it in reality needs to include other ports? The squid box will be busy enough without having to relay the world's (or the university's) spam or malware :-)

Generally speaking, there is no rule in place to force using any specific port on any specific site. Also generally speaking, it is a widely accepted best practice when dealing with security issues to follow a "deny by default, allow what's needed" approach. I recommend that you follow the default approach, reconfiguring squid to allow specific sites on an as-needed basis.

-- /kinkie
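
Added example, not part of the original thread and not the Squid project's own text: a squid.conf fragment contrasting the "allow everything minus denied ports" shape from the question with the deny-by-default approach recommended in the reply, plus one as-needed site exception. The client range, the site `.partner.example`, port 8443 and the single blocklisted port are constructed for illustration; the Safe_ports/SSL_ports pattern follows Squid's stock configuration.

```conf
# Constructed squid.conf fragment (illustrative values, see notes inline).

# --- Blocklist shape from the question (shown commented out) -------------
# The port list here is a constructed sample, NOT the FAQ's list.
# Anything that is not explicitly listed is relayed.
#   acl Dangerous_ports port 25
#   http_access deny Dangerous_ports
#   http_access allow localnet

# --- Deny by default, allow what is needed -------------------------------
acl localnet src 192.0.2.0/24        # assumption: your client network
acl SSL_ports port 443
acl Safe_ports port 80 21 443        # http, ftp, https
acl Safe_ports port 1025-65535       # unregistered ports
acl CONNECT method CONNECT

# As-needed exception: one named site on one extra TLS port (hypothetical).
acl partner_site dstdomain .partner.example
acl partner_tls  port 8443

# http_access rules are checked top-down; the first match decides.
# The exception must therefore sit above the generic CONNECT deny,
# and it is tied to localnet so it never opens the proxy to outsiders.
http_access allow localnet CONNECT partner_site partner_tls
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
# "all" is built in on Squid 3.x; on 2.x define it first:
#   acl all src 0.0.0.0/0.0.0.0
http_access deny all
```

After editing, `squid -k parse` checks the file for syntax errors before a reload.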