From: wessels <>
Date: Fri, 13 Oct 2006 02:46:42 +0000 (+0000)
Subject: Removing port 563 from the default SSL_ports and Safe_ports ACLs
X-Git-Tag: SQUID_3_0_PRE5~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec19153f1ef93d54663a938a751d1eebda8b040c;p=thirdparty%2Fsquid.git

Removing port 563 from the default SSL_ports and Safe_ports ACLs under the assumption that this port (for secure NNTP) is very rarely used through Squid, and that allowing it by default increases the chance that it can be abused for generic tunneling.
---
diff --git a/src/cf.data.pre b/src/cf.data.pre
index f72932a6b3..79a7c6ed94 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 #
-# $Id: cf.data.pre,v 1.424 2006/09/18 23:05:43 hno Exp $
+# $Id: cf.data.pre,v 1.425 2006/10/12 20:46:42 wessels Exp $
 #
 #
 # SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -2670,10 +2670,10 @@ acl all src 0.0.0.0/0.0.0.0
 acl manager proto cache_object
 acl localhost src 127.0.0.1/255.255.255.255
 acl to_localhost dst 127.0.0.0/8
-acl SSL_ports port 443 563
+acl SSL_ports port 443
 acl Safe_ports port 80 # http
 acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 563 # https, snews
+acl Safe_ports port 443 # https
 acl Safe_ports port 70 # gopher
 acl Safe_ports port 210 # wais
 acl Safe_ports port 1025-65535 # unregistered ports
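Review bot: The default configuration no longer records that port 563 was dropped or how to restore it. In the second hunk the `SSL_ports` and `Safe_ports` lines now list only 443, and the old `# https, snews` trailing comment, the only place the port's purpose was noted, is removed with it. A site with NNTPS clients will presumably see denied CONNECT requests after upgrading; the `http_access` rules that consume these ACLs are outside the hunk, so this is inferred. A comment next to the ACLs would document the change, e.g. `# port 563 (snews) is not allowed by default; add it to SSL_ports and Safe_ports only if NNTPS through the proxy is required`. The ACL block starts before and continues after the hunk.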