On Tue, Feb 19, 2002 at 02:19:50PM -0800, Steve VanDevender wrote:
> It's not just Checkpoint Firewall that has a problem with HTTP CONNECT.
> From what I can tell default installations of the CacheFlow web proxy
> software, some Squid installations, some Apache installations with
> proxying enabled, and some other web proxy installations I haven't
> identified allow anyone to use the HTTP CONNECT method. This is being
> used more and more often to relay spam. This is a boon for spammers

The authors of Squid sorted that problem out YEARS ago. The default ACLs
within Squid state:

    acl SSL_ports port 443 563
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports

i.e. you can only use the CONNECT proxy option for ports 443 and 563.

I'm amazed this isn't the default in other products... This is a really old
problem...

-- 
Cheers

Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
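
Added example, not part of the original message and not Squid's own code: a small Python model of Squid's first-match `http_access` evaluation that audits a config for the CONNECT restriction quoted above. Both configs are constructed; the `acl CONNECT method CONNECT` line, the `http_access allow all` rule, the built-in treatment of `all`, and the probe port list are assumptions made for the illustration.

```python
# Minimal model of Squid's first-match http_access evaluation (added example).
# Only "port" and "method" ACL types are modelled; port ranges are not handled.

# Constructed config without the CONNECT restriction.
WEAK_CONF = """
acl CONNECT method CONNECT
http_access allow all
"""

# Constructed config containing the default lines quoted in the message.
HARDENED_CONF = """
acl SSL_ports port 443 563
acl CONNECT method CONNECT
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""

def parse(conf):
    acls, rules = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].split()
        if len(line) >= 4 and line[0] == "acl" and line[2] in ("port", "method"):
            # Repeated acl lines with the same name accumulate their values.
            acls.setdefault(line[1], (line[2], set()))[1].update(line[3:])
        elif len(line) >= 3 and line[0] == "http_access" and line[1] in ("allow", "deny"):
            rules.append((line[1], line[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    if name == "all":  # treated as a built-in match-everything ACL (assumption)
        return True
    kind, values = acls[name]
    return (method if kind == "method" else str(port)) in values

def decide(conf, method, port):
    """Return 'allow' or 'deny'; the first rule whose ACLs all match wins."""
    acls, rules = parse(conf)
    for action, terms in rules:
        # A leading "!" negates the ACL, as in "!SSL_ports".
        if all(acl_matches(acls, t.lstrip("!"), method, port) != t.startswith("!")
               for t in terms):
            return action
    # No rule matched: the opposite of the last rule applies.
    # An empty rule list is treated as deny here (assumption of this sketch).
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

def open_connect_ports(conf, ports=(25, 80, 443, 563, 6667)):
    """Ports from a constructed probe list to which CONNECT would be relayed."""
    return [p for p in ports if decide(conf, "CONNECT", p) == "allow"]
```

An audit passes when `open_connect_ports` returns nothing outside 443 and 563; port 25 in the result means the proxy would tunnel CONNECT to a mail server.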