[24389] in bugtraq
Re: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint
daemon@ATHENA.MIT.EDU (Tommaso Di Donato)
Sat Feb 23 07:08:39 2002
Message-Id: <5.1.0.14.0.20020222172736.0259f818@popmail.sicurweb.com>
Date: Fri, 22 Feb 2002 17:27:44 +0100
To: bugtraq@securityfocus.com
From: Tommaso Di Donato <t.didonato@sicurweb.it>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
>The authors of Squid sorted that problem out YEARS ago. The default ACLs
>within Squid state:
>
>acl SSL_ports port 443 563
># Deny CONNECT to other than SSL ports
>http_access deny CONNECT !SSL_ports
>
>i.e. you can only use the CONNECT proxy option for ports 443 and 563.
>
>I'm amazed this isn't the default in other products...
I love Squid, and yes, default Squid configuration solves this problem...
But if you want a secure proxy, you have to change the parameter http_port
to listen only to your internal IP address!!! Default config is:
http_port 0.0.0.0
so anyone from the internet can use your proxy (I found a lot of servers so
configured!!!!). Change it to
http_port 192.168.1.254 #private IP
My 0.02...
Tommaso Di Donato
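The two settings discussed in this thread, the http_port bind address and the CONNECT-to-SSL-ports-only ACL, are easy to check mechanically. The following is an added example, not code from the posters or from the Squid project: a small audit script that reads a squid.conf, flags http_port directives that listen on every interface or on a public address, and verifies that an "http_access deny CONNECT !<port acl>" rule exists and precedes the first allow rule (Squid evaluates http_access rules first-match-first, so a deny placed after "allow localnet" never fires). It also checks that the chain ends in "deny all". The sample configurations, the 192.168.1.0/24 network and the simplified line-by-line parsing (no include files, no per-port options) are assumptions of the example.

```python
"""Audit a squid.conf for the open-proxy conditions discussed in the thread.

Added example: not Squid's own tooling. Handles http_port in the forms
"3128", "0.0.0.0:3128", "192.168.1.254:3128", "[::]:3128" and the bare
"0.0.0.0" / "192.168.1.254" forms used in the mail.
"""
import ipaddress

# Constructed sample configs (not from the page): an open proxy and a hardened one.
OPEN_CONF = """\
http_port 3128
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""

HARDENED_CONF = """\
# bind only to the internal interface (private address is an assumption)
http_port 192.168.1.254:3128
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/24
acl SSL_ports port 443 563
acl CONNECT method CONNECT
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""


def parse(text):
    """Return [(directive, [args])] for each non-comment, non-empty line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            rules.append((parts[0], parts[1:]))
    return rules


def listener_findings(rules):
    """Flag http_port directives reachable from outside a private network."""
    findings = []
    for directive, args in rules:
        if directive != "http_port" or not args:
            continue
        spec = args[0]  # further per-port options (e.g. "transparent") are ignored
        if spec.isdigit():
            findings.append(f"http_port {spec}: no bind address, listens on every interface")
            continue
        addr = spec[1:spec.index("]")] if spec.startswith("[") else spec.rsplit(":", 1)[0]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"http_port {spec}: unrecognised address {addr!r}")
            continue
        if ip.is_unspecified:
            findings.append(f"http_port {spec}: wildcard address, listens on every interface")
        elif not ip.is_private:
            findings.append(f"http_port {spec}: bound to a public address")
    return findings


def access_findings(rules):
    """Check the http_access chain for the CONNECT restriction and a closing deny."""
    findings = []
    port_acls = {a[0] for d, a in rules if d == "acl" and len(a) > 1 and a[1] == "port"}
    access = [a for d, a in rules if d == "http_access"]

    def restricts_connect(rule):
        # "deny CONNECT !SSL_ports": a deny that names CONNECT and a negated port ACL
        return (rule[:1] == ["deny"] and "CONNECT" in rule[1:]
                and any(t.startswith("!") and t[1:] in port_acls for t in rule[1:]))

    connect_idx = next((i for i, a in enumerate(access) if restricts_connect(a)), None)
    first_allow = next((i for i, a in enumerate(access) if a[:1] == ["allow"]), None)
    if connect_idx is None:
        findings.append("no 'http_access deny CONNECT !<port acl>' rule: CONNECT can reach any port, e.g. 25")
    elif first_allow is not None and first_allow < connect_idx:
        findings.append("CONNECT deny comes after an allow rule; first match wins, so it never fires")
    if not access or access[-1] != ["deny", "all"]:
        findings.append("http_access chain does not end with 'deny all'")
    if any(a[:2] == ["allow", "all"] for a in access):
        findings.append("'http_access allow all' lets any source use the proxy")
    return findings


def audit(text):
    """All findings for one squid.conf; an empty list means nothing was flagged."""
    rules = parse(text)
    return listener_findings(rules) + access_findings(rules)


if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "ok")
```

The bind-address check only narrows who can reach the listener; the http_access chain is what actually decides who may relay, so a proxy that must listen on a public interface still needs the "allow localnet" / "deny all" pair and the CONNECT rule in that order.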