[squid-users] Queries on safe_ports
Amos Jeffries
squid3 at treenet.co.nz
Thu Jan 7 17:15:23 UTC 2016
On 8/01/2016 4:32 a.m., Anonymous cross wrote:
> Hi All,
>
> I have basic queries on an usage of safe and SSL_ports in squid.
>
> Since squid proxies only HTTP packets then why do we need to add different
> protocols in safe ports?
Some protocols particularly the older text based ones that ports 0-1024
were regiestered for can be smuggled through as crafted HTTP headers or
payload. Allowing clients to request proxying to them causes dangerous
problems.
>
> Our box is configured to redirect only port 80 packets to 3129? Do we need
> to have safe and SSL ports in such a case?
Yes. The ACLs are not about what ports are used to contact Squid but
what ports are permitted to be used in the URLs served by Squid.
>
> I am trying to understand the need for safe ports in SQUID proxy. Because I
> don't see any use-case for this.
<http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls>
Amos
More information about the squid-users
mailing list