[KLUG Members] Bogus header for Squid
Bruce Smith
bruce at armintl.com
Wed Mar 30 16:14:50 EST 2005
> > > Squid ACLs are configured to only accept connections from localhost,
> > > but the port responds as open when scanning from the inside. Client PCs
> > > connect at a port other than 3128 for purposes of filtering. The path
> > > out looks like this:
> > >
> > > client PC --> filter port --> 3128(localhost) --> web
> >
> > OK, you're running some kind of squidguard package on the same box that
> > forwards valid requests through squid?
>
> Yep. And it's doing a great job. This box replaced an existing proxy
> server and is keeping up really well. By my estimation, we've got
> approximately 4,000 users going through it. Unscheduled downtime has
> been zero since the switch, and administration is a breeze. The
> filtering software needs a little tweaking still, but I'm pretty happy
> with it overall.
That's great! How big of a machine are you running it on?
Which filtering software are you using? Squidguard or something else?
> > > Is it possible and/or recommended to have an iptables rule to drop any
> > > traffic on 3128 except from localhost? That way it wouldn't respond. Am
> > > I right in thinking that?
> >
> > Yeah, you can do that easily with iptables.
> >
> > Although I'm not sure what it's going to gain you as long as people
> > really can't set their browsers to use port 3128 and bypass the filter
> > (other than a cleaner nessus report).
>
> That's what I'm after. I want the report to be as clean as possible for
> presentation. The squid ACL works, so if they don't go through the
> filter, they don't get out.
Then iptables is the answer.
- BS
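The iptables lockdown discussed above, as an added example that is not part of the original thread. It assumes Squid listens on TCP 3128, that the on-box filter reaches Squid over loopback (127.0.0.1:3128), and that the INPUT chain is where the rules belong; the function names (squid_lockdown_rules, apply_squid_lockdown, count_squid_rules) are hypothetical. The script prints the rules by default and only applies them when run as root with APPLY=1, so it is safe to try on any machine:

```shell
#!/bin/sh
# Added example, not from the original thread or from Squid/iptables docs.
# Restrict Squid's listener on TCP 3128 to loopback so that an inside scan
# reports the port as filtered rather than open.
# Assumptions (hypothetical): Squid on 3128, filter talks to 127.0.0.1:3128,
# rules go in the INPUT chain.

SQUID_PORT="${SQUID_PORT:-3128}"
IPTABLES="${IPTABLES:-iptables}"

# Emit the rules in the order they must be added. Order matters: the
# loopback ACCEPT has to come before the DROP, or the local filter loses
# its upstream and every client request fails.
squid_lockdown_rules() {
    # 1. Let the on-box filter (talking to 127.0.0.1:3128 over lo) through.
    echo "$IPTABLES -A INPUT -i lo -p tcp --dport $SQUID_PORT -j ACCEPT"
    # 2. Silently drop everything else aimed at 3128. DROP rather than
    #    REJECT: REJECT answers with a RST or ICMP error, so the scanner
    #    still sees a host that acknowledges the port; DROP leaves it
    #    "filtered" and the port no longer "responds".
    echo "$IPTABLES -A INPUT -p tcp --dport $SQUID_PORT -j DROP"
}

# Apply for real only when explicitly asked (APPLY=1) and running as root;
# otherwise print what would be run so the rules can be reviewed first.
apply_squid_lockdown() {
    if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
        squid_lockdown_rules | while IFS= read -r rule; do
            eval "$rule" || return 1
        done
    else
        squid_lockdown_rules
    fi
}

# Post-apply sanity check: how many INPUT rules mention the Squid port.
# Expect 2 after a clean apply; prints 0 when iptables is absent or
# the rules are not loaded.
count_squid_rules() {
    "$IPTABLES" -S INPUT 2>/dev/null | grep -c -- "--dport $SQUID_PORT" || true
}

# Running the file directly shows (or, with APPLY=1 as root, installs) the rules.
apply_squid_lockdown
```

Two things worth checking afterwards. First, from a client PC, `nmap -p 3128 <proxy>` should now report the port as filtered rather than open, while browsing through the filter port still works, which confirms the loopback ACCEPT is doing its job (traffic from the box to any of its own addresses is delivered over lo, so the filter is covered even if it connects to the external IP instead of 127.0.0.1). Second, the cleaner long-term fix is to stop Squid listening on all interfaces at all, by setting `http_port 127.0.0.1:3128` in squid.conf; then the socket is not bound on the outside interface and there is nothing for iptables to hide, though keeping the DROP rule as a belt-and-braces measure costs nothing.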