[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Qube 3 Squid runs as Open Relay Proxy by default
- Subject: [cobalt-security] Qube 3 Squid runs as Open Relay Proxy by default
- From: "Richard Nellist" <richard@xxxxxxxxxxxxxxx>
- Date: Wed, 17 Jul 2002 22:24:41 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi all,
I'm not sure if this has already been answered somewhere as I haven't been
able to access my lists for a while.
I've seen a report from one of our clients that their Qube 3 is running as
an Open Relay Proxy and can therefore be used for email spamming through the
Squid port on the ppp connection when dialed up.
After some looking around, Squid's default http_access action is to disallow
any connection and the administrator must specifically allow networks, and
ports to use it as a proxy.
Unfortunately the Cobalt Qube 3 rules which are automatically added to the
config when caching is enabled allow anyone anywhere access to the proxy,
which then allows it to be used for email relaying through the HTTP proxy.
"http_access allow all"
Can I just change the squid.conf and insert more restrictive access control
rules above the Cobalt auto generated lines to control proxy access? Or will
they then be overwritten by the Qube 3 software if it updates the
squid.conf?
Is it possible to modify the Qube 3 scripts to only allow proxy connections
from itself and the local network instead of globally allowing connections
from anywhere?
Is this a problem specific to the Qube 3 or is it also present in the Raq's
as well?
Best Regards
Richard Nellist