[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Do you allow http to ports other than 80?
My prefered method to deal with this is to use a proxy/cache server like http://www.squid-cache.org/ and setup one rule for all clients to access the cache on one single port. Depends how many clients you have though; it could be a lot of work to point them all to a proxy. > -----Original Message----- > From: [email protected] > [mailto:[email protected]]On Behalf Of Greg > Winkler > Sent: Monday, July 16, 2001 12:34 PM > To: [email protected] > Subject: [FW1] Do you allow http to ports other than 80? > > > > > Recently I've been bombarded by requests from my users to gain access to > websites outside the company that run on ports other than 80. Off the top > of my head I recall sites running on 9022, 8095, 81, 89, 8081, 8080, and > I'm sure I've forgotten a few. Up until today I could never get them to > work. I've just learned that, YES, it is possible to allow this on a > firewall by creating a new service with a protocol type set to URI and by > adding a line to fwauthd.conf of the format > > port# in.ahttpd wait 0 > > It was the update to fwauthd.conf that had me stymied. > > My only objection now is that each of these new ports requires > another http > security server process to monitor it. I'd just as soon not have a million > security servers running on my firewall to support a very small community > of users who need access to these oddball websites. > > Just what is it with these website admins? Why must they run > their sites on > odd port numbers? What's scary is that some of the sites are running on > ports that have been assigned to other services. What the heck is > one to do > when the web-site conflicts with the legitimate use of that port? > > I feel like making a stand...."Just say NO to websites that don't run on > port 80". But it appears I will just get stampeded. Do you allow access to > these sites where you work? > > ------------------------------------------------------------------ > ---------------------- > > Greg Winkler > Systems Manager, IT&S > Huntsman Corporation > Internet Mail: [email protected] > Voice:> Fax:> > > > > ================================================================== > ============== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================== > ============== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|