[H-GEN] Squid forwarded_for option

QuarkAV.com - Hilton Travis hilton at quarkav.com
Wed Jan 21 20:14:58 EST 2009


On 22/01/2009 10:37 AM, David Duffy (AVD) wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>
> Ted Percival wrote:
>    
>> David Duffy (AVD) wrote:
>>
>>      
>>> I have a Debian server with squid running. The forwarded_for option was
>>> turned on by default. I have now turned it off. Was there any inherent
>>> security problem with outside people knowing the internal IP address of
>>> the (Windows) boxes? This server does have firewall rules in place.
>>>        
>> There is only a problem if you believe in security through obscurity.
>>      
> So, what you're saying is that it poses no additional threat? i.e. A
> properly configured server will be equally as effective whether or not
> the forwarded_for option is turned on.
> David...
>    
G'day David,

Allowing potential attackers to know the internal network addressing 
really won't make their attempts that much easier if you have a secure 
perimeter.  As soon as they breach the perimeter, they will have the 
tools at hand to determine this quite easily.  Still, there's no real 
benefit in encouraging script kiddies to pound away at your network!  :)

- Hilton Travis
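
A way to check what the proxy actually discloses, as an added example that is not part of the original thread: the script parses a request as the origin server would receive it and lists any RFC 1918 addresses carried in X-Forwarded-For. The sample requests, host names and addresses are constructed; the `unknown` value is what Squid sends when forwarded_for is off.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly so documentation ranges are not flagged.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples of what an origin server sees behind the proxy.
REQUEST_FORWARDED_ON = (
    b"GET / HTTP/1.0\r\n"
    b"Host: www.example.org\r\n"
    b"Via: 1.0 proxy.example.lan:3128 (squid)\r\n"
    b"X-Forwarded-For: 192.168.1.23\r\n\r\n"
)
REQUEST_FORWARDED_OFF = REQUEST_FORWARDED_ON.replace(b"192.168.1.23", b"unknown")
# A chained proxy appends to the list; only the internal hop should be reported.
REQUEST_CHAINED = REQUEST_FORWARDED_ON.replace(
    b"192.168.1.23", b"10.0.0.5, 203.0.113.7")


def forwarded_for_entries(raw_request):
    """Return every comma-separated X-Forwarded-For value, in header order."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    entries = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-forwarded-for":
            entries += [v.strip() for v in value.split(",") if v.strip()]
    return entries


def internal_addresses(raw_request):
    """Return the RFC 1918 addresses the request discloses upstream."""
    leaked = []
    for entry in forwarded_for_entries(raw_request):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue                              # "unknown" or another token
        if any(addr in net for net in RFC1918):
            leaked.append(str(addr))
    return leaked


if __name__ == "__main__":
    for label, req in (("forwarded_for on", REQUEST_FORWARDED_ON),
                       ("forwarded_for off", REQUEST_FORWARDED_OFF),
                       ("chained proxies", REQUEST_CHAINED)):
        print(label, "->", internal_addresses(req) or "no internal address")
```
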



