Bugtraq mailing list archives
Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall]
From: Tommaso Di Donato <t.didonato () sicurweb it>
Date: Fri, 22 Feb 2002 17:27:44 +0100
The authors of Squid sorted that problem out YEARS ago. The default ACLs within Squid state:

acl SSL_ports port 443 563
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

i.e. you can only use the CONNECT proxy option for ports 443 and 563. I'm amazed this isn't the default in other products...

I love Squid, and yes, default Squid configuration solves this problem... But if you want a secure proxy, you have to change the parameter http_port to listen only to your internal IP address!!! Default config is:

http_port 0.0.0.0

so anyone from the internet can use your proxy (I found a lot of servers so configured!!!!). Change it to

http_port 192.168.1.254 #private IP

My 0.02...
Tommaso Di Donato
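
An added example, not part of the original post or of Squid itself: a small Python audit that checks a squid.conf for the two settings discussed in this message, the CONNECT port restriction and the http_port listening address. The function name audit_squid_conf and both sample configs are constructed for illustration, and the address-only http_port form follows the post's notation.

```python
import ipaddress

# Constructed sample configs (not taken from a real host).
DEFAULT_LIKE = """\
http_port 0.0.0.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
"""
HARDENED = DEFAULT_LIKE.replace("http_port 0.0.0.0",
                                "http_port 192.168.1.254  # private IP")

def audit_squid_conf(text):
    """Return a list of findings for the two settings discussed in the thread."""
    acls, rules, listeners, findings = {}, [], [], []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tok) >= 3 and tok[0] == "acl":   # acl NAME TYPE value...
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))     # (allow|deny, [acl names])
        elif len(tok) >= 2 and tok[0] == "http_port":
            listeners.append(tok[1])

    for spec in listeners:
        host = spec.rsplit(":", 1)[0] if ":" in spec else spec
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            addr = None                         # bare port number or hostname
        if host.isdigit() or (addr is not None and addr.is_unspecified):
            findings.append(f"http_port {spec}: listens on every interface")
        elif addr is not None and not addr.is_private:
            findings.append(f"http_port {spec}: bound to a non-private address")

    # Rule order is not evaluated; this only checks that a rule of the form
    # "http_access deny <CONNECT acl> !<port acl>" is present.
    connect = {n for n, (t, v) in acls.items() if t == "method" and "CONNECT" in v}
    port_acls = {n for n, (t, _) in acls.items() if t == "port"}
    guarded = any(action == "deny" and connect & set(names)
                  and any(n[1:] in port_acls for n in names if n.startswith("!"))
                  for action, names in rules)
    if not guarded:
        findings.append("CONNECT is not restricted to a port ACL such as SSL_ports")
    return findings

if __name__ == "__main__":
    for name, conf in (("default-like", DEFAULT_LIKE), ("hardened", HARDENED)):
        print(name, audit_squid_conf(conf) or "no findings")
```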