Bugtraq mailing list archives
Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall]
From: Keith Simonsen <bangel () elite net>
Date: Fri, 22 Feb 2002 16:44:00 -0800
Tommaso, You are right that the default squid.conf binds to all ip's But if you scroll down the the ACL section: acl all src 0.0.0.0/0.0.0.0 #Default: # http_access deny all So anyone from the net trying to use your proxy will get denied. You have to explicitly add acl's to allow any access to the proxy. Looks like the squid defaults are pretty secure. -Keith On 22/02/02 17:27 +0100, Tommaso Di Donato wrote:
I love Squid, and yes, default Squid configuration solves this problem... But if you want a secure proxy, you have to change the parameter http_port to listen only to your internal IP address!!! Default config is: http_port 0.0.0.0 so anyone from the internet can use your proxy (I fond a lot of server so configured!!!!). Change it to http_port 192.168.1.254 #private IP My 0.02... Tommaso Di Donato
Current thread:
- Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall] Tommaso Di Donato (Feb 23)
- Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall] Keith Simonsen (Feb 23)
- Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall] Kurt Seifried (Feb 25)