Hi Folks
What does mIRC have to do with squid's port 3128?
Why do IRC servers give a hoot what I do on port 3128?
And is this old information? Meaning squid 2.4Stable6
is not vulnerable as suggested by the below article?
My squid config is stock RH 7.3 so I'm at a loss.
Misconfigged? huh?
Do I want to do this?
Here's the suggested fix:
http://www.fr1.documents.cyberabuse.org/?page=vulnerabilities&doc=1
How To... configure a Squid against spoofing
POST comes from the http RFC, allowing to POST datas to
websites (roughly).
By using POSTs requests on a misconfigured Squid Proxy, its
pretty easy to establish a connection between Squid and any
server/port.
This problem is due to a misconfiguration in squid.conf's access
list. To solve this, you just have to well configure your Squid by
adding a few lines on the Squid's access control part.
A fast way of doing it is defining the range of ports you allow with
an acl element.
Squid knows as acl elements: "port" which is the destinationport number.
Set the accessible ports, and then deny the others.
acl safe 80 21 443 8000-65535 # Safe ports
http_access deny !safe # Deny !Safe Ports
Then, you are sure noone will be able to access by the POST
exploit any forbidden ports (or only if thoses are > 8000).
Of course, verify that you allow caching for only your customers,
etc by theses lines :
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 192.168.0.0/255.255.0.0 # Here are your customers.
-- Best regardsReceived on Sat Sep 21 2002 - 00:35:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:22 MST