Sat 2006-06-10 at 20:32 +0800, Adrian Chadd wrote:
> An example of someone using cachemgr.cgi to portscan arbitrary hosts.
> What do you all think about adding in some basic configuration
> to lock down which port/host the installed cachemgr.cgi is permitted
> to look at?

You mean something like the cachemgr.conf we have since 2.5.STABLE10?

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-cachemgr_conf

# This file controls which servers may be managed by
# the cachemgr.cgi script
#
# The file consists of one server per line on the format
# hostname:port description
#
# Specifying :port is optional. If not specified then
# the default proxy port is assumed. :* or :any matches
# any port on the target server.
#
# hostname is matched using shell filename matching, allowing
# * and other shell wildcards.
localhost

Regards
Henrik
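
An added example, not part of the original message and not Squid's own code: a minimal C check that applies the rule format described in the file comments above and denies any target that no line matches. The function names, the sample rules and the default port of 3128 are assumptions.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_PROXY_PORT 3128 /* assumption: the usual Squid default port */
/* Constructed sample in the format described above (not a real deployment). */
static const char SAMPLE_CONF[] =
    "# hostname:port description\nlocalhost\n"
    "cache*.example.net:8080 lab caches\nmgmt.example.net:any\n";

/* Return 1 if one rule line permits host:port, 0 otherwise. */
static int rule_allows(const char *line, const char *host, long port)
{
    char rule[256], *colon, *end;
    /* First whitespace-delimited token is the rule; the rest is description. */
    if (sscanf(line, "%255s", rule) != 1 || rule[0] == '#')
        return 0;                        /* blank line or comment */
    colon = strrchr(rule, ':');
    if (colon) *colon++ = '\0';          /* split host pattern from port */
    if (fnmatch(rule, host, 0) != 0)     /* shell-style wildcard match */
        return 0;
    if (!colon)                          /* no :port means default port only */
        return port == DEFAULT_PROXY_PORT;
    if (strcmp(colon, "*") == 0 || strcmp(colon, "any") == 0)
        return 1;
    long want = strtol(colon, &end, 10);
    return *colon != '\0' && *end == '\0' && want == port;
}

/* Default deny: host:port is allowed only if some line of conf matches. */
int target_allowed(const char *conf, const char *host, long port)
{
    char line[512];
    while (*conf) {
        size_t len = strcspn(conf, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, conf);
        if (rule_allows(line, host, port))
            return 1;
        conf += len + (conf[len] == '\n');
    }
    return 0;
}

int main(void)
{
    printf("localhost:22 -> %d\n", target_allowed(SAMPLE_CONF, "localhost", 22));
    return 0;
}
```

With plain fnmatch() a `*` also matches dots, so the constructed rule `cache*.example.net` accepts `cache1.lab.example.net` as well; keep wildcard rules as narrow as the deployment allows.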