[squid-users] squid interception
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Sep 25 11:12:27 UTC 2018
On 25.09.18 12:39, Yann Girardin wrote:
> We have encountered what we think is a strange behavior of Squid when in
> interception. We know that it's not a bug but made on purpose, but we
> question ourselves on the why of this choice.
> We have a firewall that we have configured to redirect all TCP packets
> with the destination port set to 80 to the squid box. This redirection is
> made by changing the destination IP to the address of the Squid box and
This is the wrong way to do interception and it opens the door to a security
squid needs to know the destination IP, otherwise it does not know where it
has to connect.

The Host: header is NOT reliable info, because it can contain false
information. See the vulnerability info:
> destination port to 8080. On the box, we set up Squid to listen to port
> 9090 in interception mode. Moreover, we use some DNAT rules to redirect
> the traffic from port 8080 to port 9090. Yes, we know that we shouldn't
> do that, but "we" includes some third parties.
The proper way to do interception is to forward packets to the squid host
without changing the destination IP
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do not want to receive any advertising mail at this address.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
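An added illustration of the point made in this reply (it is not Squid's code and not from the thread): an intercepting proxy has to pick its upstream from the TCP connection's real destination and can use the Host: header only to cross-check it; once DNAT has rewritten the destination to the Squid box, that check is impossible. The resolver table, addresses and function names are constructed assumptions.

```python
"""Why an intercepting proxy needs the original destination IP preserved."""

# Constructed stand-in for DNS; names and addresses are made up
# (documentation ranges), not real hosts.
DNS = {
    "www.example.com": {"203.0.113.10"},
    "intranet.example.net": {"192.0.2.5"},
}
SQUID_BOX = "198.51.100.20"  # constructed address of the Squid host


def firewall_redirect(dst_ip, dst_port, rewrite_dst):
    """Model the two firewall strategies discussed in the thread.

    rewrite_dst=True  -> DNAT: destination IP replaced by the Squid box (wrong).
    rewrite_dst=False -> packet routed to the Squid host with dst IP intact.
    Returns the (dst_ip, dst_port) the proxy will observe on its socket.
    """
    if rewrite_dst:
        return SQUID_BOX, 8080
    return dst_ip, dst_port


def pick_upstream(observed_dst, host_header):
    """Decide where an intercepted request is forwarded.

    observed_dst: destination IP of the intercepted TCP connection.
    host_header:  client-supplied Host: header (attacker-controlled).
    Returns (upstream_ip, host_verified).
    """
    if observed_dst == SQUID_BOX:
        # DNAT destroyed the real destination; the only remaining hint is the
        # forgeable Host header, which must not be trusted to pick a target.
        return None, False
    host = host_header.split(":", 1)[0].strip().lower()
    verified = observed_dst in DNS.get(host, set())
    # Always connect to where the client actually connected, never to the
    # address the Host header suggests; a mismatch is flagged, not followed.
    return observed_dst, verified


def intercept(client_dst_ip, host_header, rewrite_dst):
    """Full path: firewall handling followed by the proxy's decision."""
    observed_ip, _ = firewall_redirect(client_dst_ip, 80, rewrite_dst)
    return pick_upstream(observed_ip, host_header)
```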