Adam Aube wrote:
> Add those two ports to the Safe_ports and SSL_ports acls, then create an
> http_access rule that denies those two ports unless they are to the
> relevant servers.
Do these two lines do the job?
acl SSL_ports port 22 443 460 563 1863 5190 10000
acl Safe_ports port 1025-65535 # unregistered ports
And actually I just have this one (should allow every destination IP
address to be reached by means of CONNECT method on SSL_ports, right?)
http_access deny CONNECT !SSL_ports
-- ----------------------------------- Boniforti Flavio Provincia del Verbano-Cusio-Ossola Ufficio Informatica Tecnoparco del Lago Maggiore Via dell'Industria, 25 28924 Verbania -----------------------------------Received on Mon May 17 2004 - 08:54:22 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT