Enhancement #3101

Web proxy: add property for Squid safe ports

Added by Giacomo Sanchietti over 6 years ago. Updated over 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-squid
Target version:v6.6
Resolution: NEEDINFO:No

Description

Safe ports are a list of ports where the proxy can connect.
If a port is not inside the safe ports list, the proxy will refuse to contact the server.

For example, given a HTTP service running on port 112233, the server can't be accessed using the proxy.

Create a SafePorts property to allow the customization of allowed ports.


Related issues

Related to NethServer 6 - Enhancement #3106: Web proxy: add prop for squid SSL_ports CLOSED

Associated revisions

Revision 15425b61
Added by Giacomo Sanchietti over 6 years ago

squid.conf template: add support for custom safe ports. Refs #3101

History

#1 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 30 to 60

Added SafePorts option, the options doesn't replace existing list of safe ports.
The new property can be a comma-separated list of ports which will be added to the default list of safe ports.

To get the default safe ports list, just execute:

grep Safe_ports /etc/squid/squid.conf

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-squid-1.3.2-1.1.g15425b6.ns6.noarch.rpm
Test case
  • Try to set new safe ports:
    config setprop squid SafePorts 446,447
    
  • Check the ports are listed inside squid.conf
    grep Safe_ports /etc/squid/squid.conf
    
  • Check squid is running

#5 Updated by Filippo Carletti over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90
config setprop squid SafePorts 446

Update to nethserver-squid-1.3.2-1.2.g8eb5fbb.ns6.noarch
# grep Safe_ports /etc/squid/squid.conf
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 980        # httpd-admin (server-manager)
*acl Safe_ports port 446*

#6 Updated by Giacomo Sanchietti over 6 years ago

#7 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-squid-1.3.3-1.ns6.noarch.rpm

Also updated documentation.

Also available in: Atom PDF