On 22/06/2012 2:32 a.m., BERSIHAND Christophe wrote:
> Hello,
> Can you tell me the difference between those two configurations, both allowing
> me to access an FTP server from a browser.
> acl Safe_ports port 21 80 443 563 70 210 631 1025-65535
> http_access deny !Safe_ports

This configuration blocks all non-safe ports from being contacted. Those
are ports whose native protocol can be embedded within HTTP headers and
relayed via port 80 software. Usually used for attack purposes relayed
via unprotected "open" proxies.
FTP control port is one listed as safe to be used through Squid.

> and
> acl Safe_ports port 80 443 563 70 210 631 1025-65535
> acl FTP proto FTP
> http_access deny !Safe_ports !FTP

This second configuration permits anyone to open any unsafe destination
ports if they simply send ftp:// on the URL.
For example, someone wanting to relay spam email to example.com through
your proxy only has to send it a request for "ftp://example.com:25/"
Amos
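
How Squid evaluates the two configurations quoted above, as an added example that is not part of the original message: a small Python model (not Squid code) in which every ACL on an http_access line must match, the first matching line wins, and a request matching no line gets the opposite of the last line's action. The names make_acls, decide, CONFIG_1 and CONFIG_2 are assumptions for illustration; the sample URLs are constructed around the one in the message.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def make_acls(safe_ports):
    """Build the two ACLs from the message; safe_ports is the 'acl ... port' list."""
    ranges = []
    for item in safe_ports.split():
        low, _, high = item.partition("-")
        ranges.append((int(low), int(high or low)))
    return {
        "Safe_ports": lambda scheme, port: any(lo <= port <= hi for lo, hi in ranges),
        "FTP": lambda scheme, port: scheme == "ftp",
    }

# (ACL definitions, http_access lines) for each configuration in the message.
CONFIG_1 = (make_acls("21 80 443 563 70 210 631 1025-65535"),
            [("deny", ["!Safe_ports"])])
CONFIG_2 = (make_acls("80 443 563 70 210 631 1025-65535"),
            [("deny", ["!Safe_ports", "!FTP"])])

def decide(config, url):
    """Return 'allow' or 'deny' for url under the modelled http_access rules."""
    acls, rules = config
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS[scheme]
    action = "allow"  # with no http_access lines at all, the result is deny
    for action, names in rules:
        # A line matches only if every ACL on it matches; '!' negates an ACL.
        if all(acls[n.lstrip("!")](scheme, port) != n.startswith("!") for n in names):
            return action
    # No line matched: the default is the opposite of the last line's action.
    return "deny" if action == "allow" else "allow"

if __name__ == "__main__":
    # Constructed sample requests, including the one from the message.
    for url in ("ftp://example.com/", "ftp://example.com:25/", "http://example.com:25/"):
        print(f"{url:26} config 1: {decide(CONFIG_1, url):5}  config 2: {decide(CONFIG_2, url)}")
```

In the second configuration the deny line needs both "port is not safe" and "protocol is not FTP" to be true, so any ftp:// URL fails the second condition and is never denied, whatever its port.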