
HTTP Proxy CONNECT Loop DoS?

Running a Nessus vulnerability scan on my network, it detects the IP of my Sophos UTM having one:

MEDIUM: HTTP Proxy CONNECT Loop DoS

Description

The proxy allows the users to perform repeated CONNECT requests to itself.

This allows anybody to saturate the proxy CPU, memory or file descriptors.

** Note that if the proxy limits the number of connections
** from a single IP (e.g. acl maxconn with Squid), it is
** protected against saturation and you may ignore this alert.

Solution

Reconfigure your proxy so that it refuses CONNECT requests to itself.

Port   8080 / tcp / http_proxy

Any ideas how I fix this?

Version 9.404-5

Thanks,

James.
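One way to verify the finding yourself, rather than relying on the scanner's verdict, is to send a raw CONNECT request through the proxy whose target is the proxy's own address and look at the status line: a 2xx answer means the proxy opened a tunnel back to itself (the loop condition), anything else means it was refused. The script below is an added example for this thread, not code from Nessus or Sophos. It assumes the proxy listens on port 8080 as in the plugin output, and the addresses 192.0.2.1 and 192.0.2.2 are placeholders for a primary interface IP and an Additional IP. It goes slightly beyond the single-address case in the plugin text by probing every combination of candidate addresses, so a loop-detection setting that covers one address but not another shows up directly in the results.

```python
"""Check whether an HTTP proxy accepts a CONNECT request to one of its own
addresses (the "HTTP Proxy CONNECT Loop DoS" condition)."""
import re
import socket

# Status line of an HTTP/1.x response, e.g. "HTTP/1.1 200 Connection established"
STATUS_RE = re.compile(rb"^HTTP/\d\.\d (\d{3})")


def build_connect_request(target_host, target_port):
    """Build a minimal CONNECT request (RFC 7231 section 4.3.6)."""
    authority = f"{target_host}:{target_port}"
    return (
        f"CONNECT {authority} HTTP/1.1\r\n"
        f"Host: {authority}\r\n"
        "\r\n"
    ).encode("ascii")


def classify_response(raw):
    """Map the proxy's status line to a verdict.

    A 2xx answer means the proxy opened a tunnel back to itself, which is
    the loop the Nessus plugin reports. Any other valid status means the
    CONNECT was refused. Anything else (empty read, closed socket, garbage)
    is reported as unknown rather than guessed.
    """
    m = STATUS_RE.match(raw)
    if not m:
        return "unknown"
    code = int(m.group(1))
    return "loop_allowed" if 200 <= code < 300 else "refused"


def probe(proxy_host, proxy_port, target_host, target_port, timeout=5.0):
    """Send one CONNECT through the proxy and classify the reply."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(build_connect_request(target_host, target_port))
            raw = s.recv(1024)
    except OSError:
        return "unknown"
    return classify_response(raw)


def probe_self_addresses(proxy_port, candidates, timeout=5.0):
    """Probe every address the proxy answers on (primary and any Additional
    interface IPs), using each as both the proxy endpoint and the CONNECT
    target.

    Returns {(proxy_ip, target_ip): verdict}. Loop detection that only
    covers the primary address shows up as "refused" for that address and
    "loop_allowed" for the others.
    """
    results = {}
    for proxy_ip in candidates:
        for target_ip in candidates:
            results[(proxy_ip, target_ip)] = probe(
                proxy_ip, proxy_port, target_ip, proxy_port, timeout
            )
    return results


if __name__ == "__main__":
    # Hypothetical addresses: the UTM's primary internal IP and one
    # Additional IP on the same interface. Replace with your own.
    CANDIDATES = ["192.0.2.1", "192.0.2.2"]
    for (src, dst), verdict in probe_self_addresses(8080, CANDIDATES).items():
        print(f"via {src}:8080 -> CONNECT {dst}:8080 : {verdict}")
```

Run it from a host that is allowed to use the proxy. A "loop_allowed" result confirms the condition the plugin describes; as the plugin note says, it is only exploitable for saturation if the proxy does not also cap connections per source IP, so check that setting before deciding whether to act on the finding.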



  • I know this is an old post, but did you ever get a resolution?


    I'm getting the same result, but only on my Additional IP (when setting an Additional IP address on the internal interface). I also have HTTP Proxy Loop Detection enabled, so I'm not getting the warning on that IP, but only on my Additional/Secondary IP.

    I tried creating a firewall rule to block proxy connections to my secondary IP, but it didn't work.

    At this point, it seems like a proxy loop DoS attack is possible if someone has a Secondary IP assigned to the same interface used for proxy connections.

    Thanks.

