Cannot deny FTP squid - squid


  1. Cannot deny FTP squid

    Hello all,

    We have Smoothwall as our firewall. I am also using it as a
    proxy in transparent mode. I have a problem on my hands. I want to
    deny all the FTP requests from our network. I have also configured
    ACLs accordingly. But, to my amazement, it simply doesn't seem to
    work. I can still access any FTP site, e.g. ftp://kernel.org, in a
    browser as well as from the command line!

    Here is a part of the ACLs:

    acl badfiles url_regex -i "/var/smoothwall/proxy/badfiles"
    acl mgmt src "/var/smoothwall/proxy/mgmt_adds"
    acl FTP proto FTP
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255

    acl SSL_ports port 445 443 441 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 81 # smoothwall http
    acl Safe_ports port 445 443 441 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT


    http_access allow localhost
    http_access deny FTP
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny badfiles !mgmt
    http_access allow localnet
    http_access deny all


    I really don't understand what I am doing wrong or silly!

    Any kind of help will be appreciated.
    Thanks.

  2. Re: Cannot deny FTP squid

    tornado wrote:

    > I really don't understand what I am doing wrong or silly!


    Not restarting squid?

    Not using a Watchguard instead?



    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted, submitted to anti-spam sites and probably burn in hell.
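
The rules in the first post can be checked offline. This is an added example, not code from the thread or from Squid: a small Python model of Squid's first-match `http_access` evaluation over the posted rules, showing that an ftp:// request that actually reaches Squid is denied, so FTP that still works should be looked for outside these rules (in transparent mode typically only redirected HTTP traffic is handed to Squid). The `localnet` range, the client address and the empty `badfiles`/`mgmt` lists are assumptions, since the post does not show them.

```python
# Added example (not from the thread): first-match evaluation of the posted
# http_access rules. Squid ANDs the ACLs on one line and stops at the first match.
import ipaddress

SAFE_PORTS = {80, 81, 445, 443, 441, 563, 70, 210, 280, 488, 591, 777}
SSL_PORTS = {445, 443, 441, 563}
LOCALNET = ipaddress.ip_network("192.168.0.0/16")  # assumption: not in the excerpt

ACLS = {
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "FTP": lambda r: r["proto"] == "FTP",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "localnet": lambda r: ipaddress.ip_address(r["src"]) in LOCALNET,
    "badfiles": lambda r: False,  # list file contents are not shown in the post
    "mgmt": lambda r: False,      # same: treated as empty here
    "all": lambda r: True,
}

RULES = [  # copied in order from the post
    "allow localhost",
    "deny FTP",
    "deny !Safe_ports",
    "deny CONNECT !SSL_ports",
    "deny badfiles !mgmt",
    "allow localnet",
    "deny all",
]

def http_access(src, proto, port, method="GET", rules=RULES):
    """Return (action, rule) for the first rule whose ACLs all match."""
    req = {"src": src, "proto": proto, "port": port, "method": method}
    for rule in rules:
        action, *names = rule.split()
        # "!name" matches when the named ACL does not
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, rule
    raise LookupError("no rule matched")  # unreachable while "deny all" is last

if __name__ == "__main__":
    client = "192.168.1.50"  # constructed sample client address
    print(http_access(client, "FTP", 21))       # ftp://kernel.org/ sent to Squid
    print(http_access(client, "HTTP", 80))      # ordinary web request
    print(http_access("127.0.0.1", "FTP", 21))  # localhost is allowed before the FTP rule
    print(http_access(client, "FTP", 21, rules=[r for r in RULES if r != "deny FTP"]))
```

If the FTP fetch never shows up in Squid's access log at all, the request did not pass through the proxy and no `http_access` rule could have applied to it.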
