On 02.01.18 06:04, squidnoob wrote:
In my existing config, i have:
# delay filtering decisions until we get to bumped requests
http_access allow CONNECT safe_ports
http_access deny CONNECT
I understand adding this line that you suggested as it's not already there.
http_access deny !safe_ports
However, i don't understand why i would need to add this (http_access deny
CONNECT !SSL_Ports ) given the two lines above in the existing config. I'm
probably just misunderstanding how this works.
the two lines above unconditionally allow CONNECT anywhere, you can't deny
it further because no further checking is done.
when using:
http_access deny CONNECT !SSL_ports
you deny CONNECT request to non-SSL ports and can deny them further.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users