Re: Re: [squid-users] HEAD requests on a reverse proxy

From: Nick <nick@dont-contact.us>
Date: Thu, 10 Jun 2004 9:01:29 -0400

Thanks Emilio. How would I make that acl_type request so it rejects all other HEAD requests besides from my load balancer?
Would it just be
acl my_cisco dst 192.168.1.1
acl my_cisco method HEAD

http_access deny HEAD
http_access allow my_cisco

Thanks,
Nick

>
> From: Emilio Casbas <ecasbas@unav.es>
> Date: 2004/06/10 Thu AM 03:41:56 EDT
> To: Nick <nick@finiteautomata.com>
> Subject: Re: [squid-users] HEAD requests on a reverse proxy
>
> Nick wrote:
>
> >Hello, I have two servers running squid as a reverse proxy. The squid servers caches pages that come from another server running Apache. When squid was initially setup I denied HEAD requests but now I need to allow HEAD requests. We have a Cisco GSS load balancer that probes the server using HTTP HEAD requests. Are there any security issues when allowing HEAD requests on a squid proxy.
> >
> >Thanks,
> >Nick
> >
> >
> >
>
> I think there isn't any security issues with HEAD
> requests. The HEAD method behaves exactly
> like the GET method, but the server returns only
> the headers in the response. No entity body is
> ever returned.
> In any case you can make an external_acl_type
> with request_method and enable only for
> the Cisco Load Balancer.
>
>
> Emilio C.
>
>
>
Received on Thu Jun 10 2004 - 07:01:31 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT