Author
FREQUENTLY ASKED QUESTIONS (Squid Proxy)Q: How to open/allow a particular port number in squid proxy?
By default the following TCP port numbers are opened in squid proxy server.
acl Safe_ports port 80 # http
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
If a web server listening on custom port 81/TCP, squid server will not allow to browse to that server due to the port 81/TCP is not listed as Safe_ports.
Follow the steps to enable a port in squid server
[root@server ~]# vi /etc/squid/squid.conf
acl Safe_ports port 81 # Add this line with the default port acls
http_access allow Safe_ports # allow access
# add the above two lines to squid,conf
Restart or reload squid server with changes
[root@server ~]# service squid reload
or
[root@server ~]# service squid restart
or
[root@server ~]# service squid restart
LABELS: 
2 comments:
Thanks, simple but useful!
Let's review what your answer does. You are adding port 81 to the Safe_ports ACL. Then you tell your system to allow http to access EVERY PORT IN THE ACL. This means that although you only needed port 81 open for http access, what you have done is opened ports 80,21,443,70,210,1025-65535,280 488,591,777, and 81 to http traffic.
You DO NOT want to do this. What this SHOULD look like is:
acl Other_http port 81
http_access allow Other_http
You can then add ports needed for http access to the Other_http ACL. Your method opens 64,000 ports to http access, a tremendously bad idea. What I would do is move the http ports listed in the Safe_ports ACL to the Other_http ACL (80, 280, 488, 777). Then I'd have control of what ports http can flow over. As it stands with the out of the box configuration, http will connect on any port in Safe_ports.
Post a Comment