srcdomain ACL's, reverse and direct lookups...

From: <>
Date: Mon, 9 Feb 1998 17:00:46 +0100

Hi Everybody,

I've looked at the sources of SQUID 1.1.18 and the release notes 1.1 to get
confirmation, but I would appreciate yours, aspecially on V1.1.20.

When I declare an ACL using srcdomain to list allowed internal clients, I
think SQUID does a reverse lookup of a given client's IP address before
checking the srcdomain list.
But does it do a subsequent DIRECT lookup, to make sure that the client is
in the domain it "claims" to be ? If not, it sounds like just changing a
PTR record in a foreign domain is all what a hacker needs to make SQUID to
think he is someone else.

Reading this extract of the mentionned release notes seems to mean that :

NOTE: DNS has a number of known security problems. Squid does not make
any effort to guarantee the validity of data returned from gethostbyname()
or gethostbyaddr() calls.

So, it seems that using src ACL's rather than srcdomain is more secure,
isn't it ?

Thank's in advance for any correction / confirmation and best regards !

Thierry A.
Received on Mon Feb 09 1998 - 08:06:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:49 MST