RE: allow HTTPS on non-standard ports, dangerous ?

From: Redfern Ian <[email protected]>
Date: Wed, 21 Jan 1998 14:12:00 -0000

Because Squid does not interpret what's sent via the CONNECT verb. So
you could do
CONNECT mail.example.com:25\r\n\r\n
then do some nasty sendmail hack.

The above would allow you to bypass any outgoing firewall rules, so by
default it is prevented.

Ian Redfern (redferni@logica.com).
 ----------
From: Pim Zandbergen
To: squid-users@nlanr.net
Subject: allow HTTPS on non-standard ports, dangerous ?
Date: 21 January 1998 1:44pm

The sample configuration file that comes with the Squid caching proxy
server disallows HTTPS (method connect) on non-standard ports (443 &
563).

What's the idea? How dangerous would it be to allow random ports with
HTTPS?
 --
E-mail : Pim Zandbergen <pim@cti.nl>
S-mail : Laan Copes van Cattenburch 70, 2585 GD The Hague, The
Netherlands
Phone : +31 70 3067373
Fax : +31 70 3067374
Received on Wed Jan 21 1998 - 06:19:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:28 MST