RE: [squid-users] Custom rules to analyze HTTP headers

From: Mike Marchywka <marchywka_at_hotmail.com>
Date: Tue, 15 Dec 2009 08:38:40 -0500

----------------------------------------
> Date: Tue, 15 Dec 2009 10:14:35 -0300
> From:
> To
> CC: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Custom rules to analyze HTTP headers
>
> Jeff Pang escribi�:
>> I have been using HttpWatch for doing this, a cool tool.
>>
> Hello Jeff!
>
> It appears that it's an extension for web browsers. I'm afraid I need to
> solve this stuff form the Squid size, I'm sure someone should have to
> fight about this in the past.

I'm not entirely sure what you are doing but IIRC it is simple to make
an acl for a header. It took about 1 day of leaving an open squid
up to attract a hacker, and it took less time to an a simple
header to the intended app to authorize it. I don't recall
this was all that difficult and I think I was able
to prevent squid from forwarding it too to minimize
ability for anyone to spoof it.

Looking at conf file and IIRC, you should be able to make acl's with "req_header"
and I think use "header_access deny all" to prevent the header from being forwarded.

Corrections and qualifications appreciated.
Thanks.

>
>
> Greetings,
>
> Dererk
>
> --
> BOFH excuse #183:
> filesystem not big enough for Jumbo Kernel Patch
>
>
                                               
_________________________________________________________________
Hotmail: Free, trusted and rich email service.
http://clk.atdmt.com/GBL/go/171222984/direct/01/
Received on Tue Dec 15 2009 - 13:38:48 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 15 2009 - 12:00:02 MST