[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] HTTP Proxy Security Hole!!!
> The thing that really concerns me is, that this general problem has been > known to be an issue with plain HTTP proxies like the Squid since ages > (see e.g. http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.14). And > why didn't Checkpoint prevent or at least document this? Tunneling mode has always been a bad idea. The way you restricted this in Squid is to define a list of addresses which are allowed to use the proxy. With CheckPoint you should do the same thing by restricting access to the security server in your ruleset. -don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|