400
14.7.1-H
Destination ports
Accepted destination ports
This control allows you to restrict the server ports which may be accessed via the proxy.
Especially the ports 80 (HTTP) and 21 (FTP) are important here. This setting does not
apply to encrypted access.
Accepted CONNECT destinations
The method CONNECT offers clients the possibility to establish connections of any
type via the proxy. CONNECT is also used to tunnel encrypted connections (HTTPS)
through the proxy.
Commonly it is sufficient to grant access to port 443 (HTTPS)
only. Do not add unnecessary ports here, as this could be
abused.
The contents of connections which have been established with
the CONNECT method will not be scanned by the virusscanning
proxy. Neither the virusscanner nor the tag filter will be applied.
Deny CONNECT to IP addresses
There is software (e.g. many peer-to-peer clients) which abuses the CONNECT method
to bypass firewall restrictions. However often these clients won't request a connection to
a hostname, but rather to an IP address. Enable this option to deny these connections.
You can still grant access to specific IP addresses by entering
them as "Accepted CONNECT destinations".
If you access SX-GATE's configuration server by IP address
via web proxy, it will probably deny further connections after
enabling this feature.
14.7.1-I
ICAP
SX-GATE's web proxy can query external filters with an ICAP interface.