On Mon, 9 Aug 1999 squidmailinglist@det.nsw.edu.au wrote:
> Hi:
>
> I have a problem blocking ftp access. I searched through the list and tried different settings with no luck.
>
> this is what I have in my config file, we are tring to anly allow access to certain sites, and allow direct access to local ones. Site blocking is working fine, and direct connection to local hosts is working. but with FTP it looks like it is going direct, as it tries to get to the site but hangs becuase our firewall doesn't let it through
>
> acl edusite dstdom_regex -i .*\.edu\.au$
> acl govsite dstdom_regex -i .*\.gov\.au$
> acl digital dstdom_regex -i .*\.digital\.com$m$
> acl Bad dst 0.0.0.0/0.0.0.0
> acl ftpaccess proto FTP
>
> #Defaults:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT443 563 70 210 1025-65535
>
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access deny ftpaccess
Doesn't that deny all FTP requests outright?
> http_access allow edusites
> http_access allow govsite
> http_access allow microsoft
> http_access allow netscape
> http_access allow digital
> http_access deny BAD
>
> acl FTP proto FTP
> always_direct deny FTP
There you probably want
never_direct allow FTP
instead.
Duane W.
Received on Tue Aug 10 1999 - 14:29:13 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:54 MST