Re: [squid-users] Transparent proxy - security hole?

From: Henrik Nordstrom <[email protected]>
Date: Tue, 13 Nov 2001 21:32:08 +0100

The comment is intended for people using Squid as an accelerator, not exacly
relevant to transparent proxying.

It is not exacly a hole. When the option is enabled one must be careful to
set up access controls in http_access. People running Squid as an accelerator
can get by without any access controls if the option is not enabled.

People running Squid as a proxy (normal or transparent) always have to worry
about access controls, regardless of how httpd_accel_uses_host_header is
configured. For transparently intercepting proxies the option MUST be enabled.

Regards
Henrik Nordstr�m
Squid Hacker

On Tuesday 13 November 2001 20.49, Michael Carmack wrote:
> Would someone mind explaining the security hole that's mentioned in
> squid.conf under the httpd_accel_uses_host_header tag. I've set up a
> transparent proxy on a machine that is currently acting as a router
> and a webserver for my home network, but the bit about "it opens a big
> security hole" is causing a bit of concern.
Received on Tue Nov 13 2001 - 13:31:46 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:10 MST