> From: adrian@creative.net.au [SMTP:adrian@creative.net.au]
>
> Just out of curiousity - I know about the HTTP CONNECT method, but
> what other methods could you use to 'abuse' squid to connect to a non-HTTP
> service?
>
All of them, although it is rather trivial on CONNECT,
and anything on GET has to look like HTTP headers. You
can certainly launder spam with sendmail 8.9.3 and POST
or PUT (actually tried with a direct telnet); it simply
gives a 500 error to the HTTP headers.
> Maybe there should be an acl option that lets you specity which ports
> http connect is valid on? I haven't ever seen an encrypted http session
> on a port other than 443 (but its bound to exist *somewhere* I'm sure..)
>
There already is. Note that this is done in squid.conf;
the core program doesn't know the difference.
Received on Mon Aug 02 1999 - 12:00:56 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:49 MST