Re: [squid-users] maxconn

From: Jason Greene <jason_at_the-greenes.net>
Date: Fri, 17 Dec 2010 10:57:00 -0600

It doesn't make sense... I set the limit to 50 and I run my scan and
the vulnerability shows... I drop it back by 5 and run my scan... it
show until I get to 20...the vulnerability goes away.... I increase
the limit by 1 until I get to 25 where it shows back up... I drop back
down to 24 ... still there

Now, even if I set it to 5, the vulnerability shows

Anyone know what is going on?

Jason

On Fri, Dec 17, 2010 at 9:35 AM, Jason Greene <jason_at_the-greenes.net> wrote:
> On Thu, Dec 16, 2010 at 7:41 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 17/12/10 10:38, Jason Greene wrote:
>>>
>>> I m trying to close a security hole
>>>
>>>
>>> I want to use maxconn on ALL IPs
>>>
>>> acl limitusercon maxconn 3
>>> http_access deny all limitusercon
>>
>> Testing the "all" there is not useful. That should be just:
>>
>> �http_access deny limitusercon
>>
>> ... making sure its placed at the top of your access controls so nothing
>> doing an allow can bypass it. Right after the "deny CONNECT !SSL_Ports"
>> should do.
>
> Thanks, I'll try this out.
>
>>
>>>
>>> But it doesn't seem to work and the hole still appears on a scan.
>>
>> What hole?
>
>
> HTTP Proxy CONNECT Loop DoS
>
>
>>
>>
>> Amos
>> --
>> Please be using
>> �Current Stable Squid 2.7.STABLE9 or 3.1.9
>> �Beta testers wanted for 3.2.0.3
>>
>
Received on Fri Dec 17 2010 - 16:57:06 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 18 2010 - 12:00:03 MST