Merge branch 'feature/KASM-1934-update-web-filter-allowed-ports-and-ip-ssl' into 'develop'

KASM-1934 Removed set of allowed ports, allow all now Closes KASM-1934 See merge request kasm-technologies/internal/workspaces-core-images!51
2024-11-22 15:33:08 +01:00 · 2022-04-13 09:29:06 +00:00 · 2022-04-13 09:29:06 +00:00 · 8dd54b6fe1
commit 8dd54b6fe1
parent 5dbde177c0 43da0c244e
1 changed files with 6 additions and 12 deletions
--- a/src/ubuntu/install/squid/resources/squid.conf
+++ b/src/ubuntu/install/squid/resources/squid.conf
@ -7,7 +7,7 @@ acl blocked_websites dstdomain "/etc/squid/blocked.acl"
 http_access deny blocked_websites

 acl ssl_bypass_domains ssl::server_name "/etc/squid/ssl_bump_bypass_domains.conf"
-acl ssl_bypass_ips     dst              "/etc/squid/ssl_bump_bypass_ips.conf
+acl ssl_bypass_ips     dst              "/etc/squid/ssl_bump_bypass_ips.conf"

 deny_info ERR_ACCESS_DENIED  blocked_websites
 acl step1 at_step SslBump1
@ -17,19 +17,13 @@ ssl_bump splice ssl_bypass_ips
 ssl_bump bump all

 acl SSL_ports port 443
-acl Safe_ports port 80          # http
-acl Safe_ports port 21          # ftp
-acl Safe_ports port 443         # https
-acl Safe_ports port 70          # gopher
-acl Safe_ports port 210         # wais
-acl Safe_ports port 1025-65535  # unregistered ports
-acl Safe_ports port 280         # http-mgmt
-acl Safe_ports port 488         # gss-http
-acl Safe_ports port 591         # filemaker
-acl Safe_ports port 777         # multiling http
 acl CONNECT method CONNECT

-http_access deny !Safe_ports
+# The following two lines are an example of how we can leaverage squid to block ports, there can be as 
+# many acl statements adding ports to Safe_ports as are needed.
+#acl Safe_ports port 443         # https
+#http_access deny !Safe_ports
+
 http_access deny CONNECT !SSL_ports
 http_access allow localhost manager
 http_access deny manager