
Re: Wrong ports denied as SSL_ports


 



Jan,

Jan Groenewald wrote:
> Hi
> 
> On Mon, Jun 11, 2007 at 01:15:02PM +0100, Neil A. Hillard wrote:
>> Although you have 1024-6000 listed in safe_ports, that will only allow
>> access for http.  You are attempting to use https so you will also need
>> to list it in ssl_ports.
> 
> It is not normal to have an application request CONNECT on many ports
> in 4000-6000, right?

Definitely not!  It would allow the user to create a tunnel to anything!
You could just add port 4000 to ssl_ports if that's what you want.

Here, we need to connect to some services on non-standard ports
(although we do our best to get the service provider to change it to a
standard port) so I combine the port, CONNECT and dstdomain to only
allow them out to that one service.

HTH,


				Neil.

-- 
Neil Hillard                    neil.hillard@xxxxxxxxxxxxxxxxxx
AgustaWestland                  http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.
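
The approach described in the reply above (combining the port, CONNECT and dstdomain ACLs), sketched as a squid.conf fragment. This is an added example, not configuration posted in the thread. The ACL names follow the stock squid.conf; `service.example.com`, the `localnet` range and the `svc_*` names are placeholders.

```conf
# Added example. Placeholders: service.example.com, 192.0.2.0/24, svc_port, svc_host.
acl localnet   src 192.0.2.0/24
acl SSL_ports  port 443
acl Safe_ports port 80 443 1024-6000
acl CONNECT    method CONNECT

# Too broad: listing the range in SSL_ports lets any client open a
# CONNECT tunnel to any host on any of those ports.
# acl SSL_ports port 443 4000-6000

# Narrow exception: one port, one destination domain.
acl svc_port port 4000
acl svc_host dstdomain service.example.com

http_access deny !Safe_ports

# http_access is first-match, so the exception must come before the
# generic CONNECT deny. All ACLs on one line are ANDed together.
http_access allow localnet CONNECT svc_port svc_host
http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access deny all
```

Port 4000 must still fall inside Safe_ports, otherwise the first deny rule rejects the request before the exception is evaluated.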
