Re: [squid-users] SSL Tunnelling Exploit allowed through Squid?

From: Robert Collins <[email protected]>
Date: 11 Oct 2002 08:36:57 +1000

On Fri, 2002-10-11 at 06:30, Sheahan, John (PCLN-NW) wrote:
> There is a hackers tool out there called "Bouncer" that uses SSL Tunnelling
> to get past all rules of a proxy server. You can check out the details at:
>
> http://www.r00t3d.org.uk/docs/bug.html
>
>
> My question is, does Squid support SSL Tunnelling? If so, is it on by
> default?

Squid supports the CONNECT method which is used for SSL Tunnelling. It
is on by default, but limited to certain ports. Also, the squid ACL's
dealing with domains and ip address's are always applied regardless of
method, so still apply to the CONNECT method.

Cheers,
Rob

Received on Thu Oct 10 2002 - 16:37:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:40 MST