
How to allow SSH/FTP connections through Squid?

Sometimes you need to allow SSH or FTP connections through the proxy. The following steps show how to do it. Note that these instructions apply only to Web Safety version 8.0+.

Step 1. Define ACLs

In Admin UI / Squid Proxy / Settings / Default ACLs, add the following lines to the Advanced ACLs text field, as shown in the following screenshot. These ACLs tell the proxy to allow CONNECT tunnels to the selected domains on port 22 (SSH) and on port 21 and ports 1025-65535 (FTP).

# add the following to allow SSH tunnels to the domains
# listed in HTTPS exclusions
acl ssh_ports port 22
acl ssh_servers dstdomain "/opt/websafety/etc/squid/ssl/exclude/domains.conf"
http_access allow CONNECT ssh_ports ssh_servers

# add the following to allow FTP tunnels to the domains listed 
# in HTTPS exclusions
acl ftp_ports port 21 1025-65535
acl ftp_servers dstdomain "/opt/websafety/etc/squid/ssl/exclude/domains.conf"
http_access allow CONNECT ftp_ports ftp_servers

[Screenshot: Allow FTP and SSH Connections through Squid]

Step 2. Add Exclusions

Next, add the domain name and the IP address that the domain name resolves to in Admin UI / Squid Proxy / Exclusions. Note that we add both the domain name and its IP address. This is because the client software (mostly FTP) establishes tunnels to the remote server first by domain name and later by IP address. This might not be required for SSH access, but it is definitely required for FTP.
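The following is an added example, not part of the original page or of Web Safety's code. It is a simplified model of the two http_access rules from Step 1, and it replays a constructed FTP session to show why the IP address must be listed next to the domain name. The function names, the sample host and the sample address are hypothetical, and the matching is plain string comparison with no DNS lookups.

```python
# Added example: simplified model of the two http_access rules from Step 1.
# Names and sample values are hypothetical/constructed; no DNS lookups are done.

SSH_PORTS = [(22, 22)]                    # acl ssh_ports port 22
FTP_PORTS = [(21, 21), (1025, 65535)]     # acl ftp_ports port 21 1025-65535


def dstdomain_match(host, entries):
    """Exact match, or suffix match when the entry starts with a dot."""
    host = host.lower().rstrip(".")
    for entry in (e.strip().lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif entry and host == entry:
            return True
    return False


def allowed_by_step1(host, port, exclusions):
    """True if 'CONNECT host:port' is allowed by the ssh or ftp rule.

    Both ssh_servers and ftp_servers read the same exclusions file, so a
    listed destination is reachable on every port in either port ACL.
    """
    if not dstdomain_match(host, exclusions):
        return False
    return any(lo <= port <= hi for lo, hi in SSH_PORTS + FTP_PORTS)


def replay(tunnels, exclusions):
    """Return (host, port, allowed) for each CONNECT in a recorded session."""
    return [(h, p, allowed_by_step1(h, p, exclusions)) for h, p in tunnels]


# Constructed FTP session: first tunnel by name, second by IP address.
FTP_SESSION = [("ftp.example.com", 21), ("203.0.113.10", 50123)]
DOMAIN_ONLY = ["ftp.example.com"]
DOMAIN_AND_IP = ["ftp.example.com", "203.0.113.10"]

if __name__ == "__main__":
    for label, excl in (("domain only", DOMAIN_ONLY),
                        ("domain + IP", DOMAIN_AND_IP)):
        print(label)
        for host, port, ok in replay(FTP_SESSION, excl):
            print(f"  CONNECT {host}:{port} -> {'allow' if ok else 'no match'}")
```

With only the domain listed, the second tunnel of the session does not match either rule. The model also shows that a destination added for FTP matches the SSH rule on port 22, because both server ACLs read the same file.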

Step 3. Save and Restart

Finally, click Save and Restart in the Admin UI and try using your application to access the desired domain by SSH and/or FTP.