Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall]
From: Keith Simonsen <bangel () elite net>
Date: Fri, 22 Feb 2002 16:44:00 -0800

Tommaso,

You are right that the default squid.conf binds to all ip's
But if you scroll down the the ACL section:

acl all src 0.0.0.0/0.0.0.0

#Default:
# http_access deny all

So anyone from the net trying to use your proxy will get denied.
You have to explicitly add acl's to allow any access to the proxy.

Looks like the squid defaults are pretty secure.


-Keith

On 22/02/02 17:27 +0100, Tommaso Di Donato wrote:


I love Squid, and yes, default Squid configuration solves this problem...
But if you want a secure proxy, you have to change the parameter http_port 
to listen only to your internal IP address!!! Default config is:
http_port 0.0.0.0
so anyone from the internet can use your proxy (I fond a lot of server so 
configured!!!!). Change it to
http_port 192.168.1.254 #private IP

My 0.02...

Tommaso Di Donato


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault