Re: UPDATE: [wcolburnat_private: SMTP relay through checkpoint firewall]

From: Keith Simonsen (bangelat_private)
Date: Fri Feb 22 2002 - 16:44:00 PST

Next message: David Korn: "Windows Media Player executes WMF content in .MP3 files."

Previous message: Jeremy Epstein: "RE: ITS4 from Cigital flawed"
In reply to: Tommaso Di Donato: "Re: UPDATE: [wcolburnat_private: SMTP relay through checkpoint firewall]"
Next in thread: Kurt Seifried: "Re: UPDATE: [wcolburnat_private: SMTP relay through checkpoint firewall]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tommaso,

You are right that the default squid.conf binds to all ip's
But if you scroll down the the ACL section:

acl all src 0.0.0.0/0.0.0.0

#Default:
# http_access deny all

So anyone from the net trying to use your proxy will get denied.
You have to explicitly add acl's to allow any access to the proxy.

Looks like the squid defaults are pretty secure.

-Keith

On 22/02/02 17:27 +0100, Tommaso Di Donato wrote:
> 
> 
> I love Squid, and yes, default Squid configuration solves this problem...
> But if you want a secure proxy, you have to change the parameter http_port 
> to listen only to your internal IP address!!! Default config is:
> http_port 0.0.0.0
> so anyone from the internet can use your proxy (I fond a lot of server so 
> configured!!!!). Change it to
> http_port 192.168.1.254 #private IP
> 
> My 0.02...
> 
> Tommaso Di Donato

Next message: David Korn: "Windows Media Player executes WMF content in .MP3 files."
Previous message: Jeremy Epstein: "RE: ITS4 from Cigital flawed"
In reply to: Tommaso Di Donato: "Re: UPDATE: [wcolburnat_private: SMTP relay through checkpoint firewall]"
Next in thread: Kurt Seifried: "Re: UPDATE: [wcolburnat_private: SMTP relay through checkpoint firewall]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Feb 23 2002 - 07:14:14 PST