If your client PCs are set up to use your proxy for http (protocol) requests, then **any** URL that starts with http:// will be sent to the proxy despite what port follows that URL (e.g. http://www.somewebhost.com:10000).
In your case your clients may not have any proxy settings, as you are using a firewall to redirect traffic based upon destination port (and not protocol). Therefore, in your case it may be true to say that the Safe_ports acl performs no function (that is, until you set the proxy settings in your client PCs).

Regards,
Rob Hadfield

Quoting GBloomberg <[EMAIL PROTECTED]>:

> Hello,
>
> I have a 2 interface Linux router/firewall. Eth0 public, Eth1 private
> lan. Squid is installed and running/listening on Eth1 via tcp 3128. I
> have a firewall REDIRECT rule that redirects all outgoing
> "private_lan" port 80 traffic to tcp 3128. This works great.
>
> After reading through the ACL FAQs I'm still confused as to **why**
> there is a need for the "Safe_ports" acl elements declared by default
> in "squid.conf"?
> I was under the assumption that **by default** Squid proxies port 80
> traffic and that's it unless otherwise specified? My firewall only
> allows the following out to the internet anyways.
> udp 53
> tcp 20,21,22,25,80,110,443
>
> So I'm assuming there's a good reason to have these defaults but I
> don't see why when clients will only be redirected to Squid through
> port 80. They go around Squid for all other ports. I could make a few
> logical guesses as to why this set the way it is but I wanna be sure
> that I'm not missing something else fundamental.
>
>
> [code]
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # SWAT
> [/code]
>
> Thanks
>
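
An added example, not part of either post and not Squid's own code: a small Python model of how the quoted port ACLs decide requests once clients are explicitly configured to use the proxy, so the destination port comes from the requested URL instead of the firewall's port 80 redirect. It assumes the two rules from the stock squid.conf that consume these ACLs (`http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports`), which the thread does not quote; the `example.com` hostnames are constructed.

```python
from urllib.parse import urlsplit

# ACL lines copied from the squid.conf excerpt quoted in the thread.
SQUID_CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
"""

def parse_port_acls(conf):
    """Return {acl_name: [(low, high), ...]} for every 'acl NAME port ...' line."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comment
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "port":
            continue
        for spec in fields[3:]:                      # "443" or "1025-65535"
            low, _, high = spec.partition("-")
            acls.setdefault(fields[1], []).append((int(low), int(high or low)))
    return acls

ACLS = parse_port_acls(SQUID_CONF)

def port_in(name, port):
    return any(low <= port <= high for low, high in ACLS.get(name, []))

def decide(method, target):
    """Assumed stock rules (not in the thread): deny !Safe_ports, deny CONNECT !SSL_ports."""
    if method == "CONNECT":                          # target is "host:port"
        port = int(target.rsplit(":", 1)[1])
    else:                                            # target is an absolute URL
        url = urlsplit(target)
        port = url.port or {"http": 80, "ftp": 21, "https": 443}[url.scheme]
    if not port_in("Safe_ports", port):
        return "DENY (!Safe_ports)"
    if method == "CONNECT" and not port_in("SSL_ports", port):
        return "DENY (CONNECT !SSL_ports)"
    return "pass to later rules"

if __name__ == "__main__":
    for m, t in [("GET", "http://www.somewebhost.com:10000/"), ("GET", "http://mail.example.com:25/")]:
        print(m, t, "->", decide(m, t))
```

The port 10000 URL from the reply passes because it falls in the 1025-65535 range, while a URL naming port 25 is refused even though the firewall in the original post allows tcp 25 outbound.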
