RE: [squid-users] Squid proxy security check - advice

From: Peter Kassies <p.kassies@dont-contact.us>
Date: Thu, 7 Jun 2001 14:35:44 +0200

Steven,

What is your worry with this script. Ok, it shows how you connected via your
proxy to the outside world. But is that such a big deal. I mean you have the
firewall configured correctly to allow the proxyserver to connect from the
inside to the outside. Not vice versa.

You should be safe, nobody can access your proxy.

Peter

> -----Oorspronkelijk bericht-----
> Van: Steven Thompson [mailto:steven@bidorbuy.co.za]
> Verzonden: Thursday, June 07, 2001 11:27 AM
> Aan: Squid-Users (E-mail)
> Onderwerp: [squid-users] Squid proxy security check - advice
>
>
> Hi All
>
> Henrik thank you for advice earlier.
>
>
> This is the proxy security check I receive from the following URL:
> http://packetderm.cotse.com/cgi-bin/test.cgi
>
> Could you please advise what I should still close. I have disabled the
> icp/htcp ports by setting them to "0".
> But the start-up log still says "ACCEPTING HTCP connections on port 0, is
> this normal.
> I have firewalling and ACLs to control subnet access connections.
>
> Proxy Check
>
> This is the information in the CGI environment
>
> DOCUMENT_ROOT (Server specific)
> GATEWAY_INTERFACE CGI/1.1
> HTTP_ACCEPT */* application/msword
> application/vnd.ms-excel application/
> vnd.ms-powerpoint application/x-comet
> image/jpeg image
> /pjpeg image/x-xbitmap image/gif
> HTTP_ACCEPT_LANGUAGE en-za
> HTTP_CACHE_CONTROL max-age=259200
> HTTP_HOST packetderm.cotse.com
> HTTP_USER_AGENT Nutscrape/1.0 (CP/M; 8-bit)
> HTTP_VIA 1.0 warrior.bidorbuy.co.za 3128
> (Squid/2.3.STABLE2)
> HTTP_X_FORWARDED_FOR unknown
> PATH (Server specific)
> QUERY_STRING
> REMOTE_ADDR 196.38.219.40
> REMOTE_PORT 2332
> REQUEST_METHOD GET
> REQUEST_URI /cgi-bin/test.cgi
> SCRIPT_FILENAME (Server specific)
> SCRIPT_NAME /cgi-bin/test.cgi
> SERVER_ADDR (Server specific)
> SERVER_ADMIN (Server specific)
> SERVER_NAME (Server specific)
> SERVER_PORT 80
> SERVER_PROTOCOL HTTP/1.0
> SERVER_SIGNATURE (Server specific)
> SERVER_SOFTWARE (Server specific)
> TZ US/Eastern
>
>
> Thanks in Advance
>
> Steven
>
Received on Thu Jun 07 2001 - 06:36:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:32 MST