[H-GEN] Squid forwarded_for option

Stephen Thorne stephen at thorne.id.au
Wed Jan 21 21:28:16 EST 2009


On 2009-01-22, David Duffy (AVD) wrote:
> So, it's looking like the "expert" concerned doesn't know as much as he
> thought he did. He does seem knowledgeable, but maybe he has some holes
> in that knowledge?

Information leakage is something taken a little too seriously, or
perhaps not seriously enough, by some people.

There are various interesting things you can learn from simple things
like Referral headers or Forwarded headers - perhaps you're transmitting
data you didn't want to, such as allowing a remote server to ascertain
which unique machines behind your squid proxy log into a server.

For instance, it would allow someone to know how many machines are
behind your squid proxy. That's a privacy concern, not a security
concern, but those things go hand in hand most of the time anyway.

As to if it's a good idea to turn it on, I have it turned off on every
squid proxy that I administer, and I administer a good number of squid
proxies.

-- 
Regards,
Stephen Thorne
Development Engineer
NetBox Blue - 1300 737 060
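
Added example, not part of the original message: a small audit an administrator could run against headers recorded at a test origin server to see which internal addresses a proxy discloses through X-Forwarded-For, the header that Squid's forwarded_for option controls. The sample records, the record layout and all addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: headers as a test origin server might record them.
# "peer" is the address the connection came from (the proxy's public side).
SAMPLE_REQUESTS = [
    {"peer": "203.0.113.10", "X-Forwarded-For": "192.168.1.21"},
    {"peer": "203.0.113.10", "X-Forwarded-For": "192.168.1.22"},
    {"peer": "203.0.113.10", "X-Forwarded-For": "192.168.1.21"},
    {"peer": "203.0.113.10", "X-Forwarded-For": "10.0.5.7, 192.168.1.30"},
    # A proxy that hides the client: placeholder value, or no header at all.
    {"peer": "198.51.100.4", "X-Forwarded-For": "unknown"},
    {"peer": "198.51.100.4"},
]


def forwarded_clients(value):
    """Parse an X-Forwarded-For value into IP addresses, skipping
    placeholders such as 'unknown' and malformed entries."""
    clients = []
    for token in (value or "").split(","):
        try:
            clients.append(ipaddress.ip_address(token.strip()))
        except ValueError:
            continue
    return clients


def leak_report(requests):
    """Map each proxy (peer address) to the sorted list of private-range
    client addresses it disclosed to the origin server."""
    exposed = defaultdict(set)
    for req in requests:
        headers = {k.lower(): v for k, v in req.items()}
        for ip in forwarded_clients(headers.get("x-forwarded-for")):
            if ip.is_private:
                exposed[headers["peer"]].add(str(ip))
    return {peer: sorted(ips) for peer, ips in exposed.items()}


if __name__ == "__main__":
    for peer, ips in leak_report(SAMPLE_REQUESTS).items():
        print(f"{peer} discloses {len(ips)} internal client(s): {', '.join(ips)}")
```

A proxy that appears in the report is revealing how many distinct machines sit behind it; one that sends only a placeholder or no header does not appear.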
