On 8/01/2016 4:32 a.m., Anonymous cross wrote: > Hi All, > > I have basic queries on an usage of safe and SSL_ports in squid. > > Since squid proxies only HTTP packets then why do we need to add different > protocols in safe ports? Some protocols particularly the older text based ones that ports 0-1024 were regiestered for can be smuggled through as crafted HTTP headers or payload. Allowing clients to request proxying to them causes dangerous problems. > > Our box is configured to redirect only port 80 packets to 3129? Do we need > to have safe and SSL ports in such a case? Yes. The ACLs are not about what ports are used to contact Squid but what ports are permitted to be used in the URLs served by Squid. > > I am trying to understand the need for safe ports in SQUID proxy. Because I > don't see any use-case for this. <http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls> Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
