On Sat, 13 Sep 2003, Li Wei wrote:
> Recently, I found some authorized Squid users privately installed
> other proxy software on their PC. So then, other unauthorized users can access
> my Squid server via it. I'm really at my wit's end.
The use of authentication is stronly recommended.
> Can Squid fix this hole?
Yes and no. If you have reasonable level of user identification in place
then some simple statistics should indicate if some users are giving other
users access with their identity. Then block the users who have given
others access.
If you are lucky then these rouge proxies adds some kind of identification
to the requests forwarded via the proxy. For example if it is a Squid
proxy then X-Forwarded-For may indicate who the real user was. If not it
is virtually impossible to detect from an individual request if the
request was a from the real user or proxied from another user and
statistics need to be used to identify odd traffic patterns.
Regards
Henrik
Received on Sat Sep 13 2003 - 05:20:24 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:50 MST