
[squid-users] securise squid


 



Good morning,

A Nessus scan gives this about my Squid:
Warning found on port squid-http (3128/tcp)


The misconfigured proxy accepts requests coming
from anywhere. This allows attackers to gain some anonymity when browsing
some sensitive sites using your proxy, making the remote sites think that
the requests come from your network.


  Solution: Reconfigure the remote proxy so that it only accepts requests
  coming from inside your network.


I looked in squid.conf and found this:

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localdomain src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

auth_param basic program /usr/lib/squid/ncsa_auth /usr/local/squid/users
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hour

acl eth0 src 192.168.0.0/255.255.255.0
acl users proxy_auth REQUIRED

http_access allow eth0 users

# Only allow cachemgr access from localhost
http_access allow manager localdomain
http_access allow localdomain
# Deny requests to unknown ports
http_access deny manager
# Deny CONNECT to other than SSL ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports



http_access deny to_localhost



Are there other lines to add or uncomment to avoid this Nessus message?
Thanks
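
An added example, not part of the original post: a small Python model of Squid's http_access evaluation, run over the rules posted above. It shows that a request from outside 192.168.0.0/24 matches no line, so Squid falls back to the opposite of the last line (deny, hence allow), and that a final `http_access deny all` closes that gap. The names `decide`, `POSTED`, `HARDENED` and the request values are assumptions of this example, and proxy_auth is simplified to a boolean.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
SAFE = {21, 70, 80, 210, 280, 443, 488, 563, 591, 777}

def in_net(addr, net):
    return ipaddress.ip_address(addr) in net

# ACLs from the posted squid.conf as predicates over a request dict.
# Simplification: proxy_auth is a plain boolean; the 407 challenge is not modelled.
ACLS = {
    "all": lambda r: True,
    "eth0": lambda r: in_net(r["src"], LAN),
    "localdomain": lambda r: in_net(r["src"], LAN),
    "users": lambda r: r.get("authenticated", False),
    "manager": lambda r: r.get("proto") == "cache_object",
    "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in (443, 563),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "to_localhost": lambda r: in_net(r["dst"], LOOPBACK),
}

# http_access lines in the order they appear in the post.
POSTED = [
    "http_access allow eth0 users",
    "http_access allow manager localdomain",
    "http_access allow localdomain",
    "http_access deny manager",
    "http_access deny !Safe_ports",
    "http_access deny CONNECT !SSL_ports",
    "http_access deny to_localhost",
]
HARDENED = POSTED + ["http_access deny all"]  # explicit final rule

def decide(rules, req):
    """Return (action, reason). First matching line wins; ACLs on a line are ANDed."""
    if not rules:
        raise ValueError("no http_access lines to evaluate")
    for line in rules:
        _, action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("allow" if action == "deny" else "deny"), "no match, opposite of last line"

# Constructed requests (documentation address ranges, not taken from the post).
OUTSIDE = {"src": "203.0.113.7", "dst": "198.51.100.10", "port": 80, "method": "GET"}
INSIDE = dict(OUTSIDE, src="192.168.0.5", authenticated=True)
```

Calling `decide(POSTED, OUTSIDE)` and `decide(HARDENED, OUTSIDE)` side by side shows the difference the final rule makes, while `INSIDE` is allowed by the first line in both lists.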

