Jan,
Jan Groenewald wrote:
> Hi
>
> On Mon, Jun 11, 2007 at 01:15:02PM +0100, Neil A. Hillard wrote:
>> Although you have 1024-6000 listed in safe_ports, that will only allow
>> access for http. You are attempting to use https so you will also need
>> to list it in ssl_ports.
>
> It is not normal to have an application request CONNECT on many ports
> in 4000-6000, right?

Definitely not! It would allow the user to create a tunnel to anything!
You could just add port 4000 to ssl_ports if that's what you want.

Here, we need to connect to some services on non-standard ports
(although we do our best to get the service provider to change it to a
standard port) so I combine the port, CONNECT and dstdomain to only
allow them out to that one service.

HTH,

Neil.
--
Neil Hillard neil.hillard@agustawestland.com
AgustaWestland http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd.

Received on Mon Jun 11 2007 - 07:59:04 MDT
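
The port + CONNECT + dstdomain combination described in the reply above, sketched as a squid.conf fragment. This is an added example, not configuration from the original post; the ACL names partner_port and partner_host and the hostname service.example.com are assumptions, and port 4000 is the one mentioned in the thread.

```conf
# squid.conf fragment (added example). partner_port / partner_host are
# hypothetical ACL names; service.example.com is a placeholder hostname.

acl SSL_ports  port 443
acl Safe_ports port 80 443 1024-6000
acl CONNECT    method CONNECT

# Too broad: widening SSL_ports like this lets CONNECT open a tunnel to
# any host on any of those ports.
# acl SSL_ports port 1024-6000

# Scoped exception: one port on one destination.
acl partner_port port 4000
acl partner_host dstdomain service.example.com

http_access deny  !Safe_ports
# ACLs on one http_access line are ANDed and the first matching line wins,
# so the exception must sit above the generic CONNECT deny. Append the
# site's own client ACL to this line to limit who may use it.
http_access allow CONNECT partner_port partner_host
http_access deny  CONNECT !SSL_ports
# ... the site's existing allow rules for its clients go here ...
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors before the change is loaded.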