Re: [squid-users] Limiting CGI environment info returned by proxy checks

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 06 Jun 2001 22:18:53 +0200

Que??? Squid does not implement CGI.

If this output is from some remote script showing you "what it got",
then the only relevant ones are those starting with HTTP_. Of those the
only one relevant to Squid is X-Forwarded-For which is added by Squid.
See squid.conf for how to control this.

If you want to go further than this and have Squid remove information
normally sent even when the browser goes direct to the site in question
then see the anonymizer functions in Squid. Again see squid.conf.

For securing a Squid box, see your average book on how to secure a UNIX
box, and also make sure your access controls in squid.conf is properly
set up and any unused snmp/icp/htcp ports is disabled. Firewalling is
probably also a good idea.

--
Henrik Nordstrom
Squid Hacker
Steven Thompson wrote:
> 
> Hi All
> 
> How do you limit what information is returned during a proxy security check
> test.
> 
> What are the best security tests for a squid box.
> 
> Thanks in Advance
> 
> Steven Thomson
> 
> PS . e.g. of what was returned:
> DOCUMENT_ROOT
> GATEWAY_INTERFACE
> HTTP_ACCEPT
> HTTP_ACCEPT_LANGUAGE
> HTTP_CACHE_CONTROL
> HTTP_HOST
> HTTP_REFERER
> HTTP_USER_AGENT
> HTTP_X_FORWARDED_FOR
> PATH
> QUERY_STRING
> REMOTE_ADDR
> REMOTE_PORT
> REQUEST_METHOD
> REQUEST_URI
> SCRIPT_FILENAME
> SCRIPT_NAME
> SERVER_ADDR
> SERVER_ADMIN
> SERVER_NAME
> SERVER_PORT
> SERVER_PROTOCOL
> SERVER_SIGNATURE
> SERVER_SOFTWARE
> TZ
Received on Wed Jun 06 2001 - 14:31:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:31 MST