March 29, 2024, 11:54:39 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: blocking ftp through squid  (Read 3174 times)

Offline gauravbajaj

  • LST CareTaker
  • Experienced
  • *****
  • Posts: 658
blocking ftp through squid
« on: April 04, 2007, 10:30:42 AM »
Hey

1) I want to block ftp through squid.How can i do this?

2) Can I block particular ftp command like PUT or GET through squid itself?

Thanks
Gaurav Bajaj

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
blocking ftp through squid
« Reply #1 on: April 04, 2007, 11:33:55 AM »
Blocking ftp through squid is matter of blocking ports used by squid. .

I don't think that we can go that much advance in blocking in squid. But yes I am looking into.

Offline gauravbajaj

  • LST CareTaker
  • Experienced
  • *****
  • Posts: 658
blocking ftp through squid
« Reply #2 on: April 04, 2007, 11:49:54 AM »
Ricky

Thanks for the reply

acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563   # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210   # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280   # http-mgmt
acl Safe_ports port 488   # gss-http
acl Safe_ports port 591   # filemaker
acl Safe_ports port 777   # multiling http

http_access deny !Safe_ports

The above configration is default for squid..........to block ftp port can i change it into like this:

{means chaging Safe_ports to ftp_port }

acl ftp_port port 21      # ftp

http_access deny ftp_port

Thanks

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
blocking ftp through squid
« Reply #3 on: April 07, 2007, 07:29:54 AM »
No need to add anything.. just remove line
Code: [Select]
acl Safe_ports port 21 # ftp
And should do.. as then 21 is not considered as safe port and those are not safe.. are not allowed.

Offline gauravbajaj

  • LST CareTaker
  • Experienced
  • *****
  • Posts: 658
blocking ftp through squid
« Reply #4 on: April 07, 2007, 01:45:48 PM »
Thanks Brother