Re: FW: WARNING: By-passing MS Proxy packet filtering

From: tom minchin <tom@dont-contact.us>
Date: Sat, 10 Oct 1998 09:18:31 +1000

On Fri, Oct 09, 1998 at 05:00:29PM -0600, Duane Wessels wrote:
> Squid has this sort of hole as well. With the most recent version
> you can plug it by uncommenting these lines in the default squid.conf:
>
> acl Safe_ports port 80 21 70 1025-65535
> http_access deny !Safe_ports
>
> I just realized that probably prevents valid SSL ports 443 and 563
> however.
>

Yeah it does. There's also a lot of webservers out there on port 81, 88
etc (as well as SSL servers on other ports). I gave up after getting
about 10 exceptions in the first day I used the ACL.

tom@interact.net.au
Received on Fri Oct 09 1998 - 16:19:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:24 MST