Add squid_deny_connect_on_not_safe_ports.

2022-05-30 18:28:21 +02:00 · 2022-05-30 18:28:21 +02:00 · 04c9a9d847
parent 1c76ff05de
commit 04c9a9d847
2 changed files with 4 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -17,6 +17,8 @@ squid_safe_ports:
  - 80
  - 443

+squid_deny_connect_on_not_safe_ports: true
+
 squidclient_enabled: True
 squidclient_allowed_hosts:
  - '127.0.0.1/8'
--- a/templates/squid.conf.j2
+++ b/templates/squid.conf.j2
@ -34,8 +34,10 @@ http_access allow PURGE squidclientnet
 # Deny requests to certain unsafe ports
 http_access deny !Safe_ports

+{% if squid_deny_connect_on_not_safe_ports %}
 # Deny CONNECT to other than secure SSL ports
 http_access deny CONNECT !SSL_ports
+{% endif %}

 # Only allow cachemgr access from localhost
 http_access allow localhost manager