In case, the "port knocking supervisor" keeps track of the knocking IP, then finally the real proxy port is opened ONLY for this knocking IP. So, unless you know how the port knocking is done correctly, you will not be granted access to the real proxy port. Practically secure, in case - check for port scanning. Remember scanners IP - detect port knocking IP -IF scanners IP, deny access to any port -Forward to real proxy port and DNS/port rotation used. I like it :-) Although, with quite some effort, you might be able to be the succesful intruder. (Or the GFW) -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-to-implement-access-control-using-connetcing-hostname-and-port-tp4666818p4666858.html Sent from the Squid - Users mailing list archive at Nabble.com.
