On 22/06/2012 2:32 a.m., BERSIHAND Christophe wrote:
Hello, Can you tell me the difference between those two configurations, both allowing me to access an FTP server from a browser. acl Safe_ports port 21 80 443 563 70 210 631 1025-65535 http_access deny !Safe_ports
This configuration blocks all non-safe ports from being contacted. Those are ports whose native protocol can be embeded within HTTP headers and relayed via port 80 software. Usually used for attack purposes relayed via unprotected "open" proxies.
FTP control port is one listed as safe to be used through Squid.
and acl Safe_ports port 80 443 563 70 210 631 1025-65535 acl FTP proto FTP http_access deny !Safe_ports !FTP
This second configuration permits anyone to open any unsafe destination ports if they simply send ftp:// on the URL.
For example; someone wanting to relay spam email to example.com through your proxy only has to send it a request for "ftp://example.com:25/";
Amos
