[squid-users] Geolocation Vs Squid

Amos Jeffries squid3 at treenet.co.nz
Wed May 6 13:49:43 UTC 2015


On 7/05/2015 12:57 a.m., Rodrigo Lopes Mauricio wrote:
> Hi Antony. Thanks for your answer.
> 
> The public IP is the same with or without squid.
> 
> This is the site in question:
> http://minhaclaro.claro.com.br
> 

Just for fun I went and looked at how this was working.

The default public facing page presented by that IIS/6.0 server is a
page saying "Under Constrution" and reports its reply content as being
located at http://172.30.0.13/iisstart.htm

172.30.0.13 is a private RFC1918 space IP address, not for use on the
global Internet.

Ouch.

That goes on and does an HTML level redirect (30x redirect works
better). Presenting the client with a web form (huh?) in the clear (ouch
#2) containing a fixed set of logins fields (ouch #3) to send over HTTPS
to a third-party domain using a very weak cipher protected by MD5 hash
(alarm bells). Resulting in yet anothet HTML level redirect.

If you access that server without the right details from the form it
diverts you to http://go.microsoft.com/ and sends your details there
along with search query terms for "HTTP 404" (grr).

I would look deeper, but this is already making me want to strangle someone.

Amos




More information about the squid-users mailing list