Time for action – building ACL lists using destination ports
So, we can use network port numbers to identify requests and then combine them with an access rule to control access to resources. Squid provides an ACL type port, which can be used to declare one or more port numbers to construct an ACL. Let's see a simple example:
acl allowed_port port 80
The previous ACL will match any request destined for port 80 on the destination server. The ACL type port can take more than one port or a range of ports as an argument. So, if we want to assign multiple ports, we can list them as follows:
acl allowed_ports port 80 443 1025-65535
The ACL allowed_ports will match every request for a connection to port 80, port 443, or any port within the range of 1025 to 65535.
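As an added example (not code from the book or from the Squid project), the following Python sketch models how a port ACL matches a destination port, so that you can check which ports a declaration such as allowed_ports really covers before combining it with an access rule. The function names and the watchlist of ports are assumptions made for illustration, and the sketch models only the port ACL type, not Squid's access rule evaluation.

```python
import re

# Constructed sample: the two port ACLs declared in the text above.
SAMPLE_CONF = """\
acl allowed_port port 80
acl allowed_ports port 80 443 1025-65535
"""

def parse_port_acls(conf_text):
    """Return {acl_name: [(low, high), ...]} for every 'acl NAME port ...' line."""
    acls = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        fields = line.split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "port":
            continue
        ranges = acls.setdefault(fields[1], [])  # repeated names accumulate values
        for token in fields[3:]:
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", token)
            if not m:
                raise ValueError(f"bad port token {token!r} in: {raw}")
            low = int(m.group(1))
            high = int(m.group(2) or low)        # a single port is a one-port range
            if not (0 <= low <= high <= 65535):
                raise ValueError(f"port out of range in: {raw}")
            ranges.append((low, high))
    return acls

def port_matches(acls, name, port):
    """True if the destination port falls inside any value of the named ACL."""
    return any(low <= port <= high for low, high in acls[name])

def covered(acls, name, ports):
    """Subset of 'ports' that the named ACL matches, in sorted order."""
    return sorted(p for p in ports if port_matches(acls, name, p))

if __name__ == "__main__":
    acls = parse_port_acls(SAMPLE_CONF)
    # Constructed watchlist: SSH, SMTP, MySQL, Redis, alternate HTTP.
    watch = [22, 25, 3306, 6379, 8080]
    for name in acls:
        print(name, "matches", covered(acls, name, watch))
```

Run against the sample, the check shows that the 1025-65535 range in allowed_ports also covers the database ports on the watchlist, which is worth knowing before that ACL is used to permit traffic.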
Normally, the policy is to allow only needed ports and deny connection to all other ports to prevent any type of illegal or unauthorized access. Squid has a lot of pre-defined ports aggregated under the ACLs named SSL_ports and Safe_ports...