From 3c97f09dcd77636217215e1aa406f00bfc3e5631 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Tue, 19 Jul 2022 14:54:05 +0000
Subject: T4480:webproxy: Add safe-ports and ssl-safe-ports for acel squid
 config -- Fix conflicts

---
 data/templates/squid/squid.conf.j2 | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'data/templates/squid')

diff --git a/data/templates/squid/squid.conf.j2 b/data/templates/squid/squid.conf.j2
index a0fdeb20e..5781c883f 100644
--- a/data/templates/squid/squid.conf.j2
+++ b/data/templates/squid/squid.conf.j2
@@ -2,6 +2,11 @@
 
 acl net src all
 acl SSL_ports port 443
+{% if ssl_safe_ports is vyos_defined %}
+{%     for port in ssl_safe_ports %}
+acl SSL_ports port {{ port }}
+{%     endfor %}
+{% endif %}
 acl Safe_ports port 80          # http
 acl Safe_ports port 21          # ftp
 acl Safe_ports port 443         # https
@@ -13,6 +18,11 @@ acl Safe_ports port 280         # http-mgmt
 acl Safe_ports port 488         # gss-http
 acl Safe_ports port 591         # filemaker
 acl Safe_ports port 777         # multiling http
+{% if safe_ports is vyos_defined %}
+{%     for port in safe_ports %}
+acl Safe_ports port {{ port }}
+{%     endfor %}
+{% endif %}
 acl CONNECT method CONNECT
 
 {% if authentication is vyos_defined %}
-- 
cgit v1.2.3