[KLUG Members] Bogus header for Squid

Bruce Smith bruce at armintl.com
Wed Mar 30 16:14:50 EST 2005


> > > Squid ACLs are configured to only accept connections from localhost,
> > > but the port responds as open when scanning from the inside. Client PCs
> > > connect at a port other than 3128 for purposes of filtering. The path
> > > out looks like this:
> > > 
> > > client PC --> filter port --> 3128(localhost) --> web
> > 
> > OK, you're running some kind of squidguard package on the same box that
> > forwards valid requests thru squid?
> 
> Yep. And it's doing a great job. This box replaced an existing proxy
> server and is keeping up really well. By my estimation, we've got
> approximately 4,000 users going through it. Unscheduled downtime has
> been zero since the switch, and administration is a breeze. The

That's great!  How big of a machine are you running it on?

> filtering software needs a little tweaking still, but I'm pretty happy
> with it overall.

Which filtering software are you using?  Squidguard or something else?

> > > Is it possible and/or recommended to have an iptables rule to drop any
> > > traffic on 3128 except from localhost? That way it wouldn't respond. Am
> > > I right in thinking that?
> > 
> > Yeah, you can do that easily with iptables.  
> > 
> > Although I'm not sure what it's going to gain you as long as people
> > really can't set their browsers to use port 3128 and bypass the filter
> > (other than a cleaner nessus report).
> 
> That's what I'm after. I want the report to be as clean as possible for
> presentation. The squid ACL works, so if they don't go through the
> filter, they don't get out.

Then iptables is the answer.

 - BS
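An added example (not from the thread or from Bruce's setup) of the iptables rules being discussed: accept TCP 3128 only on the loopback interface, so the filter on the same box can still hand requests to Squid, and silently drop everything else aimed at 3128 so an inside scan no longer sees the port respond. The port number comes from the thread; the interface match, the dry-run wrapper and the function names are my own choices.

```shell
#!/bin/sh
# Added example, not code from the KLUG thread. Assumes Squid listens on
# TCP 3128 and the filter forwards to it over the loopback interface, as the
# diagram "client PC --> filter port --> 3128(localhost) --> web" describes.

SQUID_PORT=3128

# Emit the rules instead of running them, so they can be reviewed (or tested)
# before they touch a live firewall. Matching on "-i lo" rather than
# "-s 127.0.0.1" means a packet arriving on the LAN interface with a spoofed
# loopback source address is still dropped.
squid_rules() {
    cat <<EOF
iptables -A INPUT -i lo -p tcp --dport ${SQUID_PORT} -j ACCEPT
iptables -A INPUT -p tcp --dport ${SQUID_PORT} -j DROP
EOF
}

# DROP (rather than REJECT) is what makes the port "not respond": a scanner
# sees it as filtered instead of closed. Count how many rules would be added.
rule_count() {
    squid_rules | grep -c .
}

# Apply the rules only when run as root on the proxy host itself; otherwise
# just print them. Usage: sh squid-3128.sh apply
apply_rules() {
    if [ "$(id -u)" -eq 0 ]; then
        squid_rules | sh
    else
        squid_rules
    fi
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

These two rules must sit before any blanket `-j ACCEPT` on the INPUT chain, or they never match; after applying, `iptables -L INPUT -n --line-numbers` shows their position, and a scan from a client PC should now report 3128 as filtered rather than open.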