SMTP RELAY THROUGH WWW PROXY
Moderator: Qbik Staff
4 posts
• Page 1 of 1
SMTP RELAY THROUGH WWW PROXY
by shm » Oct 25 03 4:35 am
I have a public www service on port 80 but outside users are able to push smtp spam through my www proxy unless I stop the service. How can I make a policy to allow only legitimate www requests to my http server and reject anything else that is attemtped?
- shm
- Posts: 6
- Joined: Oct 25 03 4:04 am
by shm » Oct 25 03 6:04 am
I treid putting in a Policy and under Advanced a filter that has "HTTP method Equals GET" and "Not HTTP url contains <xyz>". It seems to trap the unauthorized SSL attempts, but is it enough, and is is too limiting on legtimate HTTP requests to my site?
- shm
- Posts: 6
- Joined: Oct 25 03 4:04 am
by adrien » Oct 25 03 7:25 am
The CONNECT method that is used for "SSL tunnelling" is used only by proxy clients, so it is completely invalid for you to receive such a command from the Internet.
By blocking it, you shouldn't be blocking any legitimate access, however if you only allow GET, then you may have issues with forms that use POST.
The other thing you can do is not bind the HTTP proxy to the external interface at all, and use either a TCP mapping, or a redirection in the ENS to pipe external connections through to your web server.
Adrien
By blocking it, you shouldn't be blocking any legitimate access, however if you only allow GET, then you may have issues with forms that use POST.
The other thing you can do is not bind the HTTP proxy to the external interface at all, and use either a TCP mapping, or a redirection in the ENS to pipe external connections through to your web server.
Adrien
- adrien
- Qbik Staff
- Posts: 5443
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 164 guests