« PayPal's Information Risk Management Team is Hiring | Main | Got My New Security Key »

March 09, 2009

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e5502ec8d98834011168ceb72c970c

Listed below are links to weblogs that reference Socket Capable Browser Plugins Result In Transparent Proxy Abuse:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Joachim Otahal

Solve for squid in squid.conf (testet here, seems to work):

acl NOCACHELAN dst 192.168.0.0/16 10.0.0.0/8
acl NOCACHELAN2 dstdomain .intra .local
http_access deny NOCACHELAN
http_access deny NOCACHELAN2

Without these lines I get our intranet when doing following:

telnet www.heise.de 80
GET / HTTP/1.0
Host:192.168.250.9

With these lines squid gives me "access denied"

regards,

Joachim Otahal , Germany

Emilio

Joachim, have you tried with Host: www.other-site.com ?

the abuse is related to anywhere host, not internal hosts.

Regards.

Joachim Otahal

It does not protect from spoofing from one outside server to another outside server.
My target was quick protecting the internal network.
There are squid options which can fix this to some extend, but then some websites don't work, and more internal information is exposed outside than I want.
Rechecking should be done anyway, squid evolves.

Jou

Proxy Servers

Try with current stable version of squid. Worked for me.

The comments to this entry are closed.