Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Do you allow http to ports other than 80?

To: "Greg Winkler" <[email protected]>, <[email protected]>
Subject: RE: [FW1] Do you allow http to ports other than 80?
From: "C. Regis Wilson" <[email protected]>
Date: Wed, 18 Jul 2001 13:51:30 -0700
Importance: Normal
In-reply-to: <[email protected]>
Sender: [email protected]

My prefered method to deal with this is to use a proxy/cache
server like http://www.squid-cache.org/ and setup one rule for all
clients to access the cache on one single port.  Depends how many
clients you have though; it could be a lot of work to point them
all to a
proxy.

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of Greg
> Winkler
> Sent: Monday, July 16, 2001 12:34 PM
> To: [email protected]
> Subject: [FW1] Do you allow http to ports other than 80?
>
>
>
>
> Recently I've been bombarded by requests from my users to gain access to
> websites outside the company that run on ports other than 80. Off the top
> of my head I recall sites running on 9022, 8095, 81, 89, 8081, 8080, and
> I'm sure I've forgotten a few. Up until today I could never get them to
> work. I've just learned that, YES, it is possible to allow this on a
> firewall by creating a new service with a protocol type set to URI and by
> adding a line to fwauthd.conf of the format
>
> port#         in.ahttpd       wait    0
>
> It was the update to fwauthd.conf that had me stymied.
>
> My only objection now is that each of these new ports requires
> another http
> security server process to monitor it. I'd just as soon not have a million
> security servers running on my firewall to support a very small community
> of users who need access to these oddball websites.
>
> Just what is it with these website admins? Why must they run
> their sites on
> odd port numbers? What's scary is that some of the sites are running on
> ports that have been assigned to other services. What the heck is
> one to do
> when the web-site conflicts with the legitimate use of that port?
>
> I feel like making a stand...."Just say NO to websites that don't run on
> port 80". But it appears I will just get stampeded. Do you allow access to
> these sites where you work?
>
> ------------------------------------------------------------------
> ----------------------
>
> Greg Winkler
> Systems Manager, IT&S
> Huntsman Corporation
> Internet Mail: [email protected]
> Voice:> Fax:>
>
>
>
> ==================================================================
> ==============
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==================================================================
> ==============
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Do you allow http to ports other than 80?
  - From: "Greg Winkler" <[email protected]>

Prev by Date: [FW1] RE: Nokia/Check Point/SolutionPaq
Next by Date: RE: [FW1] differences between " fw" binary for management module and firewa ll module
Previous by thread: Re: [FW1] Do you allow http to ports other than 80?
Next by thread: RE: [FW1] Do you allow http to ports other than 80?
Index(es):
- Date
- Thread