Re: [SLUG] neat tricks used for the purposes of evil

2003-09-01 Thread Robert Collins 
On Mon, 2003-09-01 at 10:16, Andrew McNaughton wrote:
> Does squid 3 allow url rewriting scripts access to cookies?  That's also
> been a problem.

No. - again a clientStream module would be the way to go. That or an
external acl call. The redirector interface though is likely to be
deprecated in favour of the more flexible external_acl interface, (which
currently doesn't support redirection, but can be made to do so...)

the external_acl interface supports access to Cookies.

And, it's possible (today) to combine external acl and redirection
scripts to emulation forms based authentication and the like.

Cheers,
Rob

-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-09-01 Thread Andrew McNaughton 

On Sat, 30 Aug 2003, Robert Collins wrote:

> On Sat, 2003-08-30 at 03:17, Andrew McNaughton wrote:
>
> > One setup I did with apache, mod_proxy and mod_perl was a proxy which sat
> > in front of a web server and re-wrote the character set of the content
> > (including http requests) based on the value of a cookie.
> >
> > Are such things possible with squid?
>
> No, this is currently outside the 'canned' solutions squid can do.
>
> However, in squid3 it is possible via a clientStream module - which
> could using embedded perl if you wanted it to.

Does squid 3 allow url rewriting scripts access to cookies?  That's also
been a problem.

Andrew


--

No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.

---
Andrew McNaughton   In Sydney
Working on a Product Recommender System
[EMAIL PROTECTED]
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc



-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-31 Thread Jobst Schmalenbach 
On Fri, Aug 29, 2003 at 05:54:15PM +1000, Angus Lees ([EMAIL PROTECTED]) wrote:
> At Tue, 26 Aug 2003 23:40:40 +1000, Robert Collins wrote:
> > I'm dubious about 'vastly more versatile' - that quite unsubstantiated.
> 
> For example, you can't use random perl functions to control squid's
> behaviour.  You can with apache+mod_perl, which in my book counts as
> "vastly more versatility".

If you can write a perl script to use it as an "ad buster" (which I use)
you can do anything with perl as you have full control of where it comes 
from, where it goes to, what browser, what ip, what anything 



jobst



-- 
Don't let a little dispute injure a great friendship.

 __, Jobst Schmalenbach, [EMAIL PROTECTED], Technical Director
   _ _.--'-n_/   Barrett Consulting Group P/L & The Meditation Room P/L  
 -(_)--(_)=  +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-30 Thread Robert Collins 
On Sat, 2003-08-30 at 03:17, Andrew McNaughton wrote:

> One setup I did with apache, mod_proxy and mod_perl was a proxy which sat
> in front of a web server and re-wrote the character set of the content
> (including http requests) based on the value of a cookie.
> 
> Are such things possible with squid?

No, this is currently outside the 'canned' solutions squid can do.

However, in squid3 it is possible via a clientStream module - which
could using embedded perl if you wanted it to.

Rob

-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-29 Thread Andrew McNaughton 
On Sat, 30 Aug 2003, Robert Collins wrote:

> On Fri, 2003-08-29 at 17:54, Angus Lees wrote:
> > At Tue, 26 Aug 2003 23:40:40 +1000, Robert Collins wrote:
> > > I'm dubious about 'vastly more versatile' - that quite unsubstantiated.
> >
> > For example, you can't use random perl functions to control squid's
> > behaviour.  You can with apache+mod_perl, which in my book counts as
> > "vastly more versatility".
>
> Sure you can. You can use perl, python, shell, smalltalk  anything
> that can sit on an io loop.
>
> You don't have access to -all- of squids innards any more than you do in
> apache, but you most certainly can control the behaviour - access
> control, request rewriting, user identification, bandwidth allocation in
> perl.

One setup I did with apache, mod_proxy and mod_perl was a proxy which sat
in front of a web server and re-wrote the character set of the content
(including http requests) based on the value of a cookie.

Are such things possible with squid?

Andrew McNaughton

--

No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.

---
Andrew McNaughton   In Sydney
Working on a Product Recommender System
[EMAIL PROTECTED]
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc



-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-29 Thread Robert Collins 
On Fri, 2003-08-29 at 17:54, Angus Lees wrote:
> At Tue, 26 Aug 2003 23:40:40 +1000, Robert Collins wrote:
> > I'm dubious about 'vastly more versatile' - that quite unsubstantiated.
> 
> For example, you can't use random perl functions to control squid's
> behaviour.  You can with apache+mod_perl, which in my book counts as
> "vastly more versatility".

Sure you can. You can use perl, python, shell, smalltalk  anything
that can sit on an io loop.

You don't have access to -all- of squids innards any more than you do in
apache, but you most certainly can control the behaviour - access
control, request rewriting, user identification, bandwidth allocation in
perl.

Cheers,
Rob

-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-29 Thread Angus Lees 
At Tue, 26 Aug 2003 23:40:40 +1000, Robert Collins wrote:
> I'm dubious about 'vastly more versatile' - that quite unsubstantiated.

For example, you can't use random perl functions to control squid's
behaviour.  You can with apache+mod_perl, which in my book counts as
"vastly more versatility".

-- 
 - Gus (not defending any opinions expressed earlier in the thread)
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-26 Thread Robert Collins 
On Tue, 2003-08-26 at 22:51, Andrew McNaughton wrote:
> On Tue, 26 Aug 2003, Del wrote:
> 
> > (Seriously, through, does anyone actually ever use
> > mod_proxy in apache?).
> 
> Of course.  It's vastly more versatile than squid, and sometimes that's
> what you need.  In particular it's commonly used in combination with
> mod_rewrite and mod_perl to make a lightweight front end server which
> handles all the image requests so the hulking mod_perl processes don't sit
> around waiting to serving images to slow modem users.

Just for the record: squid does this just fine (and will cache those
images at the same time).

I'm dubious about 'vastly more versatile' - that quite unsubstantiated.

Rob

-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-26 Thread Andrew McNaughton 
On Tue, 26 Aug 2003, Del wrote:

> (Seriously, through, does anyone actually ever use
> mod_proxy in apache?).

Of course.  It's vastly more versatile than squid, and sometimes that's
what you need.  In particular it's commonly used in combination with
mod_rewrite and mod_perl to make a lightweight front end server which
handles all the image requests so the hulking mod_perl processes don't sit
around waiting to serving images to slow modem users.

Apache with mod_perl works pretty well as a highly configurable spooler,
along side serving simple requests, but its pretty poor as a caching
proxy for web surfing.  For that you use squid.

Andrew



--

No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.

---
Andrew McNaughton   In Sydney
Working on a Product Recommender System
[EMAIL PROTECTED]
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc



-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-26 Thread Robert Collins 
On Tue, 2003-08-26 at 22:05, Ken Foskey wrote:
> On Tue, 2003-08-26 at 21:54, Del wrote:
> 
> > (Seriously, through, does anyone actually ever use
> > mod_proxy in apache?).
> 
> If you are running a small home network and want a webserver on your
> external IP then why run squid and apache.

Uhmm,
security
speed (line utilisation effiency)
resource use (squid can be tuned to be small and fast for such
environments)
flexability
ease of use and management

And thats without mentioning:
run squid with acceleration mode on port 80, filtering requests and
forwarding valid ones to your webserver on an internal server.

Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-26 Thread Ken Foskey 
On Tue, 2003-08-26 at 21:54, Del wrote:

> (Seriously, through, does anyone actually ever use
> mod_proxy in apache?).

If you are running a small home network and want a webserver on your
external IP then why run squid and apache.  Run 1 thing and get both.

Would not run it in a real production setting with more than a very few
users though.

-- 
Thanks
KenF
OpenOffice.org developer

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-26 Thread Robert Collins 
On Tue, 2003-08-26 at 21:54, Del wrote:


> (Seriously, through, does anyone actually ever use
> mod_proxy in apache?).

A surprising number. It's always fun to watch the penny drop as the grok
squid :}.

Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-26 Thread Del 
Nicholas Wilcox wrote:
Jamie Wilkinson said:

Watch out for misconfigured webservers used to send spam.


I recieved an alert at work about this a few weeks ago:
http://xforce.iss.net/xforce/xfdb/12681
Use a handsaw to chop wood.  Use a hawk to hunt rabbits.

Use apache to serve web pages.  Use squid to be a proxy.

(Seriously, through, does anyone actually ever use
mod_proxy in apache?).
--
Del
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-26 Thread Nicholas Wilcox 
Jamie Wilkinson said:
> Watch out for misconfigured webservers used to send spam.

I recieved an alert at work about this a few weeks ago:
http://xforce.iss.net/xforce/xfdb/12681

-- 
Cult - A sociotype of an auto-toxic meme-complex, composed of membots
and/or memeoids.

Memetic Lexicon : http://pespmc1.vub.ac.be/MEMLEX.html


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-25 Thread Robert Collins 
On Mon, 2003-08-25 at 19:08, Jamie Wilkinson wrote:


> 
> A little bit more investigating showed that the webserver had mod_proxy
> incorrectly configured.  The access controls were allowing anyone to proxy
> anything to anywhere... including allowing random people to submit posts to
> random urls... random urls that included every MX listed in the same subnet.

This is a well known security issue - it's why squid ships with a
default configuration that blocks access to unsafe ports - such as 25.

> So, does anyone know how to detect if a webserver is an open proxy just by
> connecting to it?  Or is that another thing that would be brute-forced?  I
> suspect not, otherwise there'd be a lot of proxied POST attempts showing up
> in the logs.

Yep, try posting or connect, or put to port 25.

Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] neat tricks used for the purposes of evil

2003-08-25 Thread Jeff Waugh 


> I'm wondering now how wide-spread this proxy spam attack is.

Very; there are automated systems that go looking for these, as well as old
FormMail scripts, open http proxies (checking for CONNECT to do exactly the
same thing), yada yada yada.

> So, does anyone know how to detect if a webserver is an open proxy just by
> connecting to it?  Or is that another thing that would be brute-forced?  I
> suspect not, otherwise there'd be a lot of proxied POST attempts showing
> up in the logs.

Perhaps find a spammer's toolkit? :-) Constructing the POST shouldn't take
too long, though.

- Jeff

-- 
linux.conf.au 2004: Adelaide, Australia http://lca2004.linux.org.au/
 
   "In the beginning was the word, and the word was content-type:
text/plain" - Martin Schulze
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug