Bugtraq mailing list archives
Re: Raptor 6.5 http vulnerability (fwd)
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Wed, 28 Mar 2001 11:06:15 +0800
At 10:16 PM 27-03-2001 +1000, Peter Robinson wrote:
> Most http Proxy solutions (including squid and fw1) do this unless you specify otherwise. If you don't know what you're doing... you don't know what you're doing!! Don't blame the software... This is NOT a bug, just a feature. Often you want people to use their proxy to access web sites on other ports.

Actually it looks like bad design to me. It's common but bad. I blame the software and the designers. I don't know why they're doing what they're doing. They seem to be making a single proxy do the job of two or more proxies.

Just because it's a http proxy doesn't mean it should do everything to do with http. I think the different functions should be split to different software with different goals.

e.g.

- http proxy to protect internal clients from the big bad webservers outside. With hooks for antivirus scanning etc.
- http proxy for performance: client caching, which can be chained to the "save the users" proxy.
- http proxy to protect internal webservers from the naughty script kiddies outside.
- HTTP accelerator to speed things up for servers - load balancing, output buffering etc. (Probably not on firewall).

You could combine some http client proxies, but I think it's a bad idea to combine http client and server proxies into one big do everything proxy. Why do that? It seems like asking for trouble to me.

That said, I have not seen any mainstream vendor coming up with a specialised http proxy to protect webservers. It's not easy to do right due to the loads involved, but it should actually be simpler if the software is specialised.

Cheerio,
Link.