Thursday, May 27, 2010

Platform: selinux and squid proxy (CentOS 5.x)

Today I banged my head against an issue where squid wasn't letting a user out to a web site running on an oddball port (port 85 in this example). Step #1 of the fix: I added port 85 to the Safe_ports acl in /etc/squid/squid.conf (which technically enables it for every site, but I'll tighten that up later). Then I opened up that port on the firewall running behind the squid proxy (this time only to the destination IP address of the oddball server running on port 85).

In testing the end user was consistently getting a Connection Failed error, (13) Permission denied, coming back from squid. In this case SELinux was kicking in and saying "hey, port 85 is stupid (duh) and squid really should not be doing this": port 85 carried no http_port_t label, so the policy refused squid's outbound connect() to it (the denial shows up as a name_connect AVC for comm="squid" in /var/log/audit/audit.log). To add an exception, use the semanage command to label the port as follows:

semanage port -a -t http_port_t -p tcp 85

And after that [4 hour ordeal of research and testing] it works. One caveat: if semanage answers that tcp/85 is already defined, the port already carries some other type, and you need -m (modify) instead of -a; semanage port -l | grep http_port_t confirms the result either way.
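To make the semanage step repeatable, here is an added example (my own script, not something from the original post or from the squid or SELinux projects). It decides from the text of semanage port -l whether the port needs -a, -m or nothing, prints the exact command, and emits the tightened squid ACL the post promises later: the oddball port allowed only to one destination. Port 85 comes from the post; the destination 192.0.2.10, the ACL name localnet, and the sample semanage listing are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): given the text of
# "semanage port -l", decide whether the oddball port needs
# "semanage port -a" (no exact definition yet), "-m" (an exact definition
# with a different type exists) or nothing (already the wanted type), and
# print a squid ACL that limits the port to one destination.
# Port 85 is the post's; 192.0.2.10 and the "localnet" ACL are assumed.

# Constructed sample of "semanage port -l" output (CentOS 5 style lines),
# trimmed to what matters here.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
mysqld_port_t                  tcp      3306
reserved_port_t                tcp      1-1023
http_port_t                    udp      80'

# Print the type an exact definition of port/proto already has, or nothing.
# semanage keys port records by (proto, low, high), so only an entry for
# exactly this port makes "-a" fail; a covering range such as 1-1023 does not.
# $1 = port, $2 = proto, $3 = listing text
defined_type() {
    printf '%s\n' "$3" | awk -v port="$1" -v proto="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                f = $i; gsub(",", "", f)
                if (f == port || f == (port "-" port)) { print $1; exit }
            }
        }'
}

# Print: add | modify | noop
# $1 = port, $2 = proto, $3 = wanted type, $4 = listing text
semanage_action() {
    cur=$(defined_type "$1" "$2" "$4")
    if [ -z "$cur" ]; then echo add
    elif [ "$cur" = "$3" ]; then echo noop
    else echo modify
    fi
}

# Print the semanage command to run, or nothing if the label is already right.
semanage_cmd() {
    case $(semanage_action "$1" "$2" "$3" "$4") in
        add)    echo "semanage port -a -t $3 -p $2 $1" ;;
        modify) echo "semanage port -m -t $3 -p $2 $1" ;;
        noop)   ;;
    esac
}

# squid ACL that allows the oddball port only to one destination host.
# These lines must sit before "http_access deny !Safe_ports" in squid.conf,
# so the port never has to be added to Safe_ports for every site.
# $1 = port, $2 = destination IP
squid_acl() {
    cat <<EOF
acl oddball_dst dst $2/32
acl oddball_port port $1
http_access allow localnet oddball_dst oddball_port
EOF
}

semanage_cmd 85 tcp http_port_t "$SAMPLE_LISTING"
squid_acl 85 192.0.2.10
```

On the real box, feed it the live listing instead of the sample, e.g. semanage_cmd 85 tcp http_port_t "$(semanage port -l)" | sh, then drop the printed ACL lines into squid.conf above the Safe_ports deny and reload squid. Keeping the firewall rule scoped to the one destination IP, as the post already does, means the SELinux label is the only broad change on the proxy.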