[squid-users] substituing sniproxy for squid
Amos Jeffries
squid3 at treenet.co.nz
Thu Mar 24 15:21:13 UTC 2016
On 25/03/2016 1:24 a.m., Luis Daniel Lucio Quiroz wrote:
> I understand, buggy I really need to take out this sniproxy in favor of
> squid.
>
> I'm planning that this path needs the HTTP violation flag on compile time,
> and by default value is off. So when turning on, it won't be an accident.
> Host_verify_header would be a good name for this on/off option
What you plan is not appropriate for general use. So a config option is
not right.
Like I said there is already malware out there capable of taking
advantage of vulnerable proxy. Finding one gives the attacker ability to
poison the proxy cache for a popular URL and turn every network device
behind those proxy into zombies for a botnet. They can do that without
leaving any sign in your logs.
Amos
More information about the squid-users
mailing list