good morning
a nessus scan give this about my squid :
Warning found on port squid-http (3128/tcp)
The misconfigured proxy accepts requests coming
from anywhere. This allows attackers to gain some anonymity when
browsing
some sensitive sites using your proxy, making the remote sites think
that
the requests come from your network.
Solution: Reconfigure the remote proxy so that it only accepts requests
coming
from inside your network.
i see squid.conf and find this :
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localdomain src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
auth_param basic program /usr/lib/squid/ncsa_auth /usr/local/squid/users
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hour
acl eth0 src 192.168.0.0/255.255.255.0
acl users proxy_auth REQUIRED
http_access allow eth0 users
# Only allow cachemgr access from localhost
http_access allow manager localdomain
http_access allow localdomain
# Deny requests to unknown ports
http_access deny manager
# Deny CONNECT to other than SSL ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
another lines to add or uncomment to avoid this nessus message ?
thanks
Received on Wed Mar 16 2005 - 02:55:40 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST