[squid-users] Undernet/mIRC Says Squid is misconfigured - Denies login

From: Cliff <cliff@dont-contact.us>
Date: Fri, 20 Sep 2002 22:35:05 -0800

Hi Folks

What does mIRC have to do with squid's port 3128?
Why do IRC servers give a hoot what I do on port 3128?

And is this old information? Meaning squid 2.4Stable6
is not vulnerable as suggested by the below article?

My squid config is stock RH 7.3 so I'm at a loss.
Misconfigged? huh?
Do I want to do this?

Here's the suggested fix:
http://www.fr1.documents.cyberabuse.org/?page=vulnerabilities&doc=1

How To... configure a Squid against spoofing

POST comes from the HTTP RFC, allowing data to be POSTed to
websites (roughly).
By using POST requests on a misconfigured Squid proxy, it's
pretty easy to establish a connection between Squid and any
server/port.

This problem is due to a misconfiguration in squid.conf's access
list. To solve this, you just have to configure your Squid properly by
adding a few lines to Squid's access control part.

A fast way of doing it is defining the range of ports you allow with
an acl element.
Squid has an acl element type "port", which is the destination port number.

Set the accessible ports, and then deny the others.

acl safe port 80 21 443 8000-65535 # Safe ports
http_access deny !safe # Deny !Safe Ports

Then you can be sure no one will be able to reach any forbidden
port through the POST exploit (unless the port is > 8000).

Of course, verify that you allow caching for only your customers,
etc. with these lines:
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 192.168.0.0/255.255.0.0 # Here are your customers.

-- 
Best regards
Received on Sat Sep 21 2002 - 00:35:26 MDT
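
Added example, not part of the original message or the quoted article: a small Python check that applies Squid's ordered, first-match http_access evaluation to "src" and "port" ACLs, so you can see which (client, destination port) pairs a config would proxy. Both sample configs are constructed; the hardened one reuses the article's acl lines, and its "http_access allow ourhosts" / "http_access deny all" lines, the test addresses and the function names are assumptions.

```python
import ipaddress

# Constructed sample configs. HARDENED reuses the article's acl lines; the
# "http_access allow ourhosts" and "http_access deny all" lines are assumed.
PERMISSIVE = """
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""
HARDENED = """
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 192.168.0.0/255.255.0.0   # Here are your customers.
acl safe port 80 21 443 8000-65535         # Safe ports
http_access deny !safe                     # Deny !Safe Ports
http_access allow ourhosts
http_access deny all
"""

def parse(conf):
    """Collect 'src' and 'port' ACLs and the ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(tok) >= 3 and tok[0] == "acl" and tok[2] in ("src", "port"):
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def acl_matches(acls, name, src, port):
    """True if the named ACL matches this client address / destination port."""
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(src)
        return any(addr in ipaddress.ip_network(v, strict=False) for v in values)
    for v in values:                            # port list: "80" or "8000-65535"
        lo, _, hi = v.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def decide(conf, src, port):
    """Return True if the request would be proxied (first matching rule wins)."""
    acls, rules = parse(conf)
    for allow, names in rules:
        # All ACLs on one line are ANDed; a leading "!" negates the ACL.
        if all(acl_matches(acls, n.lstrip("!"), src, port) != n.startswith("!")
               for n in names):
            return allow
    # No rule matched: opposite of the last rule; no rules is treated as deny here.
    return (not rules[-1][0]) if rules else False
```

Note that the hardened config still proxies a customer's request to port 8080, which is the gap the article itself points out for the high port range.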
