HTTP Proxy CONNECT Loop DoS?

Running a Nessus vulnerability scan on my network, it detects the IP of my Sophos UTM having one:

MEDIUM: HTTP Proxy CONNECT Loop DoS

Description

The proxy allows the users to perform repeated CONNECT requests to itself.

This allow anybody to saturate the proxy CPU, memory or file descriptors.

** Note that if the proxy limits the number of connections
** from a single IP (e.g. acl maxconn with Squid), it is
** protected against saturation and you may ignore this alert.

Solution

Reconfigure your proxy so that it refuses CONNECT requests to itself.

Port 8080 / tcp / http_proxy

Any ideas how I fix this?

Version 9.404-5

Thanks,

James.
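The "refuse CONNECT requests to itself" check that the scanner's Solution section asks for, written out as an added example (constructed for this thread, not code from Sophos UTM or from Nessus). It assumes a constructed proxy port of 8080 and a constructed set of local listener addresses; a real proxy would take those from its own configuration.

```python
import socket

# Constructed for this example: the proxy's own listener port and the
# addresses it listens on. A real proxy reads these from its configuration.
PROXY_PORT = 8080
LOCAL_ADDRS = {"127.0.0.1", "::1", "192.0.2.10"}


def parse_connect_target(request_line: str):
    """Parse 'CONNECT host:port HTTP/1.1' into (host, port); None if not a valid CONNECT."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    authority = parts[1]
    if authority.startswith("["):  # IPv6 literal form, e.g. [::1]:8080
        end = authority.find("]")
        if end < 0 or not authority[end + 1:].startswith(":"):
            return None
        host, port_s = authority[1:end], authority[end + 2:]
    else:
        host, sep, port_s = authority.rpartition(":")
        if not sep:  # CONNECT requires an explicit port
            return None
    if not port_s.isdigit() or not 0 < int(port_s) < 65536:
        return None
    return host, int(port_s)


def resolve_all(host: str) -> set:
    """Every address the target name maps to; IP literals need no DNS lookup."""
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, host)
            return {host}
        except OSError:
            pass
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()


def is_loopback_connect(request_line, local_addrs=LOCAL_ADDRS, proxy_port=PROXY_PORT,
                        resolver=resolve_all, strict=False) -> bool:
    """True if the CONNECT target is this proxy's own listener, i.e. a request the proxy
    must refuse (e.g. 403) instead of tunnelling back into itself. With strict=True any
    CONNECT to a local address is refused regardless of port (a tighter policy)."""
    target = parse_connect_target(request_line)
    if target is None:
        return False
    host, port = target
    if not strict and port != proxy_port:
        return False
    return bool(resolver(host) & set(local_addrs))
```

The resolver step matters because a loop can be requested through any hostname that resolves to the proxy, not only through its literal IP.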



  • James, have you selected 'Detect HTTP loopback' on the 'Misc' tab of 'Filtering Options'?  Google site:community.sophos.com/products/unified-threat-management/f "Detect HTTP loopback" - Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.

    Yes, 'Detect HTTP loopback' is on.

    James.

  • Then I wonder if the Nessus scan didn't return a false positive.  Hopefully, former Astaro guru Jack Daniel will chime in.  Jack now works for Tenable, but still appears here occasionally.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • OK, I may be slow to respond, but eventually...

    Since UTM scans are only "external" (non-credentialed), we have to make some assumptions based on responses.  As Bob said, the loopback prevention setting should protect you - but give me another day or two to play in my lab and see what I find.

    -jd
