diff --git a/www/squid/Makefile b/www/squid/Makefile
index cfc272dd5..7da743138 100644
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@@ -1,6 +1,6 @@
 PLUGIN_NAME= squid
 PLUGIN_VERSION= 1.0
-PLUGIN_REVISION= 2
+PLUGIN_REVISION= 3
 PLUGIN_COMMENT= Squid is a caching proxy for the web
 PLUGIN_DEPENDS= squid squid-langpack
 PLUGIN_TIER= 2
diff --git a/www/squid/pkg-descr b/www/squid/pkg-descr
index 2840d1808..f2e5e9c85 100644
--- a/www/squid/pkg-descr
+++ b/www/squid/pkg-descr
@@ -10,3 +10,4 @@ Plugin Changelog
 * Initial version based on the OPNsense 23.7.12 core code
 * Workaround for segmentation faults using OpenSSL legacy provider
 * Correct migration to Python ipaddress library use
+* Set default ACL values vor Safe_ports and SSL_ports
diff --git a/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
index d7d2ed578..7c4f59ab5 100644
--- a/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@@ -1,6 +1,6 @@
 //OPNsense/proxy
- 1.0.6
+ 1.0.7
 Squid web proxy settings
@@ -362,10 +362,14 @@
+ 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http
 /^([ \-0-9a-zA-Z:,])*/u
+ Y
+ 443:https
 /^([ \-0-9a-zA-Z:,])*/u
+ Y
diff --git a/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
index 6c7369393..b5e8e9194 100644
--- a/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
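Review bot: In the second Proxy.xml hunk (`@@ -362,10 +362,14 @@`), the mask kept beside both new defaults, `/^([ \-0-9a-zA-Z:,])*/u`, has no end anchor, so it can succeed on an empty prefix and most likely accepts any string. These two fields are written into squid.conf as `acl Safe_ports port …` and `acl SSL_ports port …` lines, so the mask is the only thing constraining what lands in the ACL definitions. I would anchor it, for example `/^([ \-0-9a-zA-Z:,])*$/u`, and ideally check each comma-separated entry as `port[-port][:label]` so that a bare label or stray `:` is rejected. The element tags are not visible in this view, so which elements carry the added default and `Y` values is inferred from the changelog line and the values themselves.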
@@ -219,21 +219,15 @@ acl blockmimetypes_requests req_mime_type {{element}}
 {% endif %}
 # ACL - SSL ports, default are configured in config.xml
-# Configured SSL ports (if defaults are not listed, then they have been removed from the configuration!):
-{% if helpers.exists('OPNsense.proxy.forward.acl.sslPorts') %}
-{% for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %}
+{% for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %}
 acl SSL_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
-{% endfor %}
-{% endif %}
+{% endfor %}
 # Default Safe ports are now defined in config.xml
-# Configured Safe ports (if defaults are not listed, then they have been removed from the configuration!):
-{% if helpers.exists('OPNsense.proxy.forward.acl.safePorts') %}
 # ACL - Safe_ports
-{% for element in OPNsense.proxy.forward.acl.safePorts.split(",") %}
+{% for element in OPNsense.proxy.forward.acl.safePorts.split(",") %}
 acl Safe_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
-{% endfor %}
-{% endif %}
+{% endfor %}
 acl CONNECT method CONNECT
 # ICAP SETTINGS
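Review bot: Both loops now call `.split(",")` on `OPNsense.proxy.forward.acl.sslPorts` and `…safePorts` with no `helpers.exists(...)` guard, so the template depends on those nodes being present and non-empty in the stored configuration. If a configuration saved before this model version lacks them, rendering may fail, and an empty value would emit a bare `acl SSL_ports port  # unknown` line; whether the model migration always fills them in is not visible here. I would keep the `helpers.exists` test and add an `{% else %}` branch that writes the default lines, for example `acl SSL_ports port 443 # https`, so the ACLs are always defined with a known-safe value. The surviving comments `default are configured in config.xml` and `Default Safe ports are now defined in config.xml` should also say that the defaults now come from the model. The template continues outside this hunk, so the `http_access` rules that consume these ACLs are not shown.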