Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Oct 25 03 4:35 am
I have a public www service on port 80 but outside users are able to push smtp spam through my www proxy unless I stop the service. How can I make a policy to allow only legitimate www requests to my http server and reject anything else that is attemtped?
Oct 25 03 6:04 am
I treid putting in a Policy and under Advanced a filter that has "HTTP method Equals GET" and "Not HTTP url contains <xyz>". It seems to trap the unauthorized SSL attempts, but is it enough, and is is too limiting on legtimate HTTP requests to my site?
Oct 25 03 7:25 am
The CONNECT method that is used for "SSL tunnelling" is used only by proxy clients, so it is completely invalid for you to receive such a command from the Internet.
By blocking it, you shouldn't be blocking any legitimate access, however if you only allow GET, then you may have issues with forms that use POST.
The other thing you can do is not bind the HTTP proxy to the external interface at all, and use either a TCP mapping, or a redirection in the ENS to pipe external connections through to your web server.
Adrien
Oct 25 03 9:03 am
Does that mean I can put in a rule to reject "HTTP Method equals CONNECT" ?
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.