When setting accel_uses_host_header on, you effectively (in security
measurements) turn Squid into a proxy, which anyone can use as a
jumpgate to any adress/port. This is very bad if squid is running on a
firewall (or firewallish situation).
To make ir secure, you have to add ACL checks to only allow connections
to the accelerated servers (and ports).
--- Henrik Nordström Canessa Enrique wrote: > In the Squid Conf file is written: > > "However, Squid does NOT check the value of the Host header, so it opens > a big security hole". > > Can you give me examples of "Host headers" that might break the system. > (If the Squid machine also also runs one of the Web servers > then for a header pointing to that machine, the call should be OK).Received on Fri Jun 06 1997 - 18:57:05 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:29 MST