Re: [squid-users] maxconn

From: Jason Greene <jason_at_the-greenes.net>
Date: Fri, 17 Dec 2010 09:35:13 -0600

On Thu, Dec 16, 2010 at 7:41 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 17/12/10 10:38, Jason Greene wrote:
>>
>> I'm trying to close a security hole
>>
>>
>> I want to use maxconn on ALL IPs
>>
>> acl limitusercon maxconn 3
>> http_access deny all limitusercon
>
> Testing the "all" there is not useful. That should be just:
>
>  http_access deny limitusercon
>
> ... making sure it's placed at the top of your access controls so nothing
> doing an allow can bypass it. Right after the "deny CONNECT !SSL_Ports"
> should do.

Thanks, I'll try this out.

>
>>
>> But it doesn't seem to work and the hole still appears on a scan.
>
> What hole?

HTTP Proxy CONNECT Loop DoS

>
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.9
>  Beta testers wanted for 3.2.0.3
>
Received on Fri Dec 17 2010 - 15:35:20 MST
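
The rule placement discussed in this thread, as an added example that is not part of the original messages: a small Python check that reads squid.conf text and reports when a `maxconn` deny rule sits after an `allow` line, since Squid applies the first `http_access` line that matches. The sample configurations, the `localnet` ACL and the function names are constructed for illustration.

```python
# Added example: lint http_access ordering for a maxconn limit.
# All configuration text below is constructed sample input.
HEADER = """\
acl SSL_Ports port 443
acl CONNECT method CONNECT
acl localnet src 10.0.0.0/8
acl limitusercon maxconn 3
http_access deny CONNECT !SSL_Ports
"""
WEAK = HEADER + "http_access allow localnet\nhttp_access deny limitusercon\n"
FIXED = HEADER + "http_access deny limitusercon\nhttp_access allow localnet\n"


def parse(conf):
    """Return (names of maxconn ACLs, ordered [(action, [acl terms])])."""
    maxconn, rules = set(), []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tok) >= 3 and tok[0] == "acl" and tok[2] == "maxconn":
            maxconn.add(tok[1])
        elif len(tok) >= 2 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return maxconn, rules


def check_maxconn_order(conf):
    """Return findings; an empty list means the limit precedes every allow."""
    maxconn, rules = parse(conf)
    if not maxconn:
        return ["no maxconn ACL defined"]
    denies = [i for i, (act, terms) in enumerate(rules)
              if act == "deny" and any(t in maxconn for t in terms)]
    if not denies:
        return ["maxconn ACL is defined but never used in a deny rule"]
    findings = []
    allows = [i for i, (act, _) in enumerate(rules) if act == "allow"]
    if allows and denies[0] > allows[0]:
        findings.append("maxconn deny (rule %d) comes after allow (rule %d)"
                        % (denies[0] + 1, allows[0] + 1))
    for i in denies:
        if "all" in rules[i][1]:  # 'all' adds nothing when ANDed with maxconn
            findings.append("'all' is redundant in rule %d" % (i + 1))
    return findings


if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, check_maxconn_order(conf) or "ok")
```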
