Re: [squid-users] Squid doesn't block access to port 8080

From: Palula Brasil <palula@dont-contact.us>
Date: Fri, 9 Dec 2005 12:26:26 -0200

Here is the config...

If you guys find anything that is irrelevant in my config, please tell me
because this is a home environment. Many things here I copied from other
configs (I don't know what the whole QUERY context means).

Thank you

########################################
# SQUID CONFIGURATION FILES #
########################################

http_port 3128

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/cache/squid 10 16 256
cache_access_log /var/log/squid/access.log
ftp_user Squid@netradio.com.br
cache_mgr palula@uol.com.br

########################################
# ACCESS LIST CONFIGURATION #
########################################

acl all src 0/0
acl minha_rede src 192.168.100.0/24
acl bad_strings url_regex "/etc/squid/bad_strings.acl"
acl bad_sites dstdomain "/etc/squid/bad_sites.acl"
acl bad_files urlpath_regex "/etc/squid/bad_files.acl"
acl good_sites dstdomain "/etc/squid/permitted.acl"
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl ssl_ports port 443 563

acl safe_ports port 80 # http
acl safe_ports port 21 # ftp
acl safe_ports port 443 563 # https, snews
acl safe_ports port 70 # gopher
acl safe_ports port 210 # wais
acl safe_ports port 1025-65535 # unregistered ports
acl safe_ports port 280 # http-mgmt
acl safe_ports port 488 # gss-http
acl safe_ports port 591 # filemaker
acl safe_ports port 777 # multiling http

########################################
# HEADER SECURITY #
########################################

header_access Via deny all
header_access X-Forwarded-For deny all
header_access Proxy-Connection deny all
header_access Accept-Encoding deny all
header_access User-Agent deny all

header_replace Via Stealthed
header_replace X-Forwarded-For Unknown
header_replace User-Agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011122

########################################
# PERMISSIONS #
########################################

acl CONNECT method CONNECT

http_access deny bad_sites
http_access deny bad_strings
http_access deny bad_files
http_access deny CONNECT !ssl_ports
http_access allow good_sites
http_access allow safe_ports
http_access allow manager localhost
http_access deny manager
http_access allow minha_rede

http_access deny all

visible_hostname netradio.com.br
coredump_dir /var/cache/squid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

----- Original Message -----
From: "Christoph Haas" <email@christoph-haas.de>
To: <squid-users@squid-cache.org>
Sent: Friday, December 09, 2005 11:44 AM
Subject: Re: [squid-users] Squid doesn't block access to port 8080

On Friday 09 December 2005 12:13, Palula Brasil wrote:
> I've been receiving some links to executables files through my email and
> the link comes like this: www.somesite.com.country/urlpath/file.exe:8080
>
> The problem is that I put the ".somesite.com.country" on the
> bad_sites acl and it still is permitting access to those files.
>
> Can anybody help me out on how to overcome this problem?

Not without looking at your config.

 Christoph

-- 
~
~
".signature" [Modified] 2 lines --100%--                2,41         All
Received on Fri Dec 09 2005 - 09:05:33 MST
