Re: deny !Safe_ports, any critical reasons? (abuse..)

From: Peter van Dijk <peter-squid@dont-contact.us>
Date: Wed, 6 Jan 1999 23:52:28 +0100

On Wed, Jan 06, 1999 at 11:24:46PM +0100, Herwig Wittmann wrote:
> Hello people, [1]
>
> Are there any real bad things (tm) users authorized to use a squid cache
> could do if I would replace the default Safe_ports acl with
> something like "acl Safe_ports 1-65535"?
>
> --- snip - squid.conf ---
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> http_access deny !Safe_ports
> --- snap ---

Well.. they could use your Squid as a telnet gateway, irc bouncer, and just
about anything else that works over TCP.

Greetz, Peter.

-- 
<squeezer> AND I AM GONNA KILL MIKE                |          Peter van Dijk
<squeezer> hardbeat, if you're still sober:        | peter@attic.vuurwerk.nl
<squeezer>   @date = localtime(time);		   |  realtime security d00d
<squeezer>   $date[5] += 2000 if ($date[5] < 37);  | 
<squeezer>   $date[5] += 1900 if ($date[5] < 99);  |    -x- available -x-
Received on Wed Jan 06 1999 - 15:28:04 MST
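
Added example (not part of the original thread, and not Squid's own code): a small Python check that parses `acl Safe_ports port` lines and reports which ports a widened ACL permits beyond the default quoted in the message above. The `WIDENED` sample and the `SERVICES` table are constructed for illustration.

```python
import re

# Default ACL from the squid.conf snippet quoted in the thread.
BASELINE = "acl Safe_ports port 80 21 443 563 70 210 1025-65535"
# Constructed sample: the widened ACL the question asks about.
WIDENED = "acl Safe_ports port 1-65535\nhttp_access deny !Safe_ports\n"
# Constructed lookup: a few well-known non-web services to name in the report.
SERVICES = {22: "ssh", 23: "telnet", 25: "smtp", 110: "pop3", 143: "imap"}

def _fields(line):
    return line.split("#", 1)[0].split()   # drop comments, split on whitespace

def safe_ports(conf, acl="Safe_ports"):
    """Ports matched by all 'acl <acl> port ...' lines (repeated lines accumulate)."""
    ports = set()
    for line in conf.splitlines():
        f = _fields(line)
        if len(f) < 4 or f[:3] != ["acl", acl, "port"]:
            continue
        for tok in f[3:]:
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", tok)
            if not m:
                raise ValueError(f"unparsed port token: {tok!r}")
            lo = int(m.group(1))
            hi = int(m.group(2) or lo)
            if lo > hi or hi > 65535:
                raise ValueError(f"bad port range: {tok!r}")
            ports.update(range(lo, hi + 1))
    return ports

def audit(conf, acl="Safe_ports"):
    """Compare a config's Safe_ports with the quoted default."""
    extra = safe_ports(conf, acl) - safe_ports(BASELINE)
    enforced = any(_fields(l) == ["http_access", "deny", "!" + acl]
                   for l in conf.splitlines())
    named = {p: SERVICES[p] for p in sorted(extra) if p in SERVICES}
    return {"enforced": enforced, "extra_ports": len(extra), "named": named}

if __name__ == "__main__":
    print(audit(WIDENED))
```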
