Bugtraq mailing list archives

Re: Non-standard usage of HTTP proxy servers

From: "Philip Stoev" <philip () stoev org>
Date: Mon, 22 Oct 2001 19:08:59 +0300

Using Squid, one can do

acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
http_access deny !Safe_ports

to prevent that attack. It is well documented in squid.conf and is turned on
by default, I believe

Philip

----- Original Message -----
From: "Alexander Yurchenko" <grange () rt mipt ru>
To: <bugtraq () securityfocus com>
Sent: Monday, October 22, 2001 3:34 AM
Subject: Non-standard usage of HTTP proxy servers

It's possible to connect to one of the
numerous public HTTP proxy servers and send a request like:

POST http://some.host:25/ HTTP/1.0

giving the SMTP commands as a content.

Current thread:

Non-standard usage of HTTP proxy servers Alexander Yurchenko (Oct 22)
- Re: Non-standard usage of HTTP proxy servers Keith Young (Oct 22)
- Re: Non-standard usage of HTTP proxy servers Philip Stoev (Oct 22)