Re: Problem with ftp access control

From: Duane Wessels <wessels@dont-contact.us>
Date: Tue, 10 Aug 1999 14:46:07 -0600

On Mon, 9 Aug 1999 squidmailinglist@det.nsw.edu.au wrote:

> Hi:
>
> I have a problem blocking ftp access. I searched through the list and tried different settings with no luck.
>
> This is what I have in my config file. We are trying to only allow access to certain sites, and allow direct access to local ones. Site blocking is working fine, and direct connection to local hosts is working, but with FTP it looks like it is going direct, as it tries to get to the site but hangs because our firewall doesn't let it through.
>
> acl edusite dstdom_regex -i .*\.edu\.au$
> acl govsite dstdom_regex -i .*\.gov\.au$
> acl digital dstdom_regex -i .*\.digital\.com$m$
> acl Bad dst 0.0.0.0/0.0.0.0
> acl ftpaccess proto FTP
>
> #Defaults:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT443 563 70 210 1025-65535
>
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access deny ftpaccess

Doesn't that deny all FTP requests outright?

> http_access allow edusites
> http_access allow govsite
> http_access allow microsoft
> http_access allow netscape
> http_access allow digital
> http_access deny BAD
>
> acl FTP proto FTP
> always_direct deny FTP

There you probably want

        never_direct allow FTP

instead.

Duane W.
Received on Tue Aug 10 1999 - 14:29:13 MDT
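
The question about `http_access deny ftpaccess`, worked through as an added example (not part of the original message and not Squid's own code): a small Python model of first-match `http_access` evaluation over the ACLs in the quoted config. The sample requests and host names are constructed, and `edusites`/`BAD` are assumed to mean the defined `edusite`/`Bad` ACLs.

```python
import re

# Constructed model of the ACL types used in the quoted config:
# proto, port, dstdom_regex -i, and dst 0.0.0.0/0.0.0.0 (matches everything).
ACLS = {
    "ftpaccess": lambda r: r["proto"] == "FTP",
    "Safe_ports": lambda r: r["port"] in (80, 21, 443, 563, 70, 210)
    or 1025 <= r["port"] <= 65535,
    "edusite": lambda r: re.search(r".*\.edu\.au$", r["host"], re.I) is not None,
    "govsite": lambda r: re.search(r".*\.gov\.au$", r["host"], re.I) is not None,
    "Bad": lambda r: True,
}


def http_access(rules, request):
    """Return 'allow' or 'deny' for a request, first matching rule wins.

    Each rule is (action, [acl names]). All ACLs on a line must match
    (logical AND); a leading '!' negates that ACL.
    """
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action
    # No line matched: the default is the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


# Rule order as posted (ACLs not defined in the post are left out).
POSTED = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["ftpaccess"]),
    ("allow", ["edusite"]),
    ("allow", ["govsite"]),
    ("deny", ["Bad"]),
]
# Same list without the blanket FTP deny.
WITHOUT_FTP_DENY = [r for r in POSTED if r != ("deny", ["ftpaccess"])]

# Constructed sample requests.
FTP_EDU = {"proto": "FTP", "host": "ftp.example.edu.au", "port": 21}
HTTP_EDU = {"proto": "HTTP", "host": "www.example.edu.au", "port": 80}
FTP_OTHER = {"proto": "FTP", "host": "ftp.example.com", "port": 21}

if __name__ == "__main__":
    for name, req in (("FTP_EDU", FTP_EDU), ("HTTP_EDU", HTTP_EDU), ("FTP_OTHER", FTP_OTHER)):
        print(name, http_access(POSTED, req), http_access(WITHOUT_FTP_DENY, req))
```

With the posted order, the FTP request to an allowed `.edu.au` site never reaches the `allow edusite` line because `deny ftpaccess` matches first.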
