The security warning is simply to make you aware that a squid process
with "httpd_accel_uses_host_header on" can be used as a "jumpgate" to
reach any server reachable from the squid host, regardless of any DNS
aliases/adresses pointing to the squid server. Usually not a issue on a
proxy, since this is what you want anyway.
But if Squid is used in a firewalled HTTP accelerator environment it can
be very important (depending on how stupid you or your network coponents
are when you set up the environment).
--- Henrik Nordström John Saunders wrote: > # different HTTP servers by looking at this header. However, > # Squid does NOT check the value of the Host header, so it opens > # a big security hole. We recommend that this option remain > # disabled unless you are sure of what you are doing. > # > httpd_accel_uses_host_header on > > Ignore the warning about security and enable this option for using the > Host: header. >Received on Wed Jul 30 1997 - 17:42:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:52 MST