Hello everybody,
I'm almost sure that the thing I'm going to tell about is well
known, but it's a security issue, so it would be nice to remind
to the community about it.
If one connects to Squid and asks Squid to get itself, e.g
"GET http://localhost:80 HTTP/1.0", Squid goes looping
opening numerous connections to itself. Once I discovered
the problem when I tried to connect to a cachemgr hanging on
a different port, but forgot to specify the port. That time
I just firewalled out packets from the cache's IP address to
Squid's port on the cache.
Today some unnamed hacker tried to get <http://localhost>
and made my Squid loop again. So I added a news access list
"url_regex ^http://localhost" and made the Squid deny such URLs.
Who can devise another way to make Squid loop?
SY, Yar
Received on Thu Nov 27 1997 - 07:25:07 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:44 MST