Bug 5241: Block to-localhost, to-link-local requests by default (#1161)
Squid suggested blocking to-localhost access since 2001 commit 4cc6eb1. At that time, the default was not adjusted because some use cases were known to require to-localhost access. However, the existence of special cases should not affect defaults! The _default_ configuration should either block all traffic or only allow traffic that is unlikely to introduce new attack vectors into the network.

Also block to-link-local traffic (by default), for very similar reasons: Popular cloud services use well-known IPv4 link-local (i.e. RFC 3927) addresses (a.k.a. APIPA), to provide sensitive instance metadata information, via HTTP, to instance users and scripts. Given cloud popularity, those special addresses become nearly as ubiquitous as 127.0.0.1. Cloud provider networks shield metadata services from external accesses, but proxies like Squid that forward external HTTP requests may circumvent that protection.
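The commit message above describes the policy (refuse to forward requests whose destination is loopback or link-local) but the page carries no configuration hunk. The following is an added example, not Squid's own code: it models the two destination classes as address ranges and contrasts a host-string deny list with a check on the resolved destination address. The ranges are assumed to mirror Squid's `to_localhost` and `to_linklocal` ACL definitions, the resolver table is constructed for the example, and `rebind.example` is a hypothetical attacker-controlled name that resolves to the cloud metadata address.

```python
import ipaddress
from urllib.parse import urlsplit

# Destination ranges the default policy refuses to forward to. Assumed to
# mirror Squid's to_localhost / to_linklocal ACL definitions; the commit page
# itself shows no squid.conf hunk, so treat these as illustrative.
TO_LOCALHOST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/32", "::1/128")]
TO_LINKLOCAL = [ipaddress.ip_network(n) for n in ("169.254.0.0/16", "fe80::/10")]

# Constructed resolver table standing in for DNS. "rebind.example" is a
# hypothetical attacker-controlled name pointing at the metadata address.
FAKE_DNS = {
    "localhost": ["127.0.0.1"],
    "example.com": ["93.184.216.34"],
    "rebind.example": ["169.254.169.254"],
}

def resolve(host):
    """Return the addresses 'host' resolves to; IP literals resolve to themselves."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])

def canonical(addr):
    """Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 range checks apply."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def classify(addr):
    """Name the ACL a destination address matches, or 'other'."""
    ip = canonical(addr)
    if any(ip in net for net in TO_LOCALHOST):
        return "to_localhost"
    if any(ip in net for net in TO_LINKLOCAL):
        return "to_linklocal"
    return "other"

# Weak check: a deny list of host strings, sidestepped by any alternate
# spelling of the address or by a name that resolves to it.
DENIED_HOSTS = {"localhost", "127.0.0.1", "169.254.169.254"}

def weak_decision(url):
    host = urlsplit(url).hostname or ""
    return "deny" if host in DENIED_HOSTS else "allow"

def resolved_decision(url):
    """Hardened check: classify every address the host resolves to; fail closed."""
    host = urlsplit(url).hostname or ""
    addrs = resolve(host)
    if not addrs:
        return "deny"
    return "deny" if any(classify(a) != "other" for a in addrs) else "allow"

def compare(urls):
    """Map each URL to (name-list decision, resolved-address decision)."""
    return {u: (weak_decision(u), resolved_decision(u)) for u in urls}

# Constructed proxy request targets covering the cases the commit message names.
SAMPLE_URLS = [
    "http://127.0.0.1/",
    "http://[::ffff:127.0.0.1]/",
    "http://169.254.169.254/latest/meta-data/",
    "http://[fe80::1]/",
    "http://rebind.example/latest/meta-data/",
    "http://example.com/",
]

if __name__ == "__main__":
    for url, (weak, strong) in compare(SAMPLE_URLS).items():
        print(f"{url:45} name-list={weak:5} resolved-ip={strong}")
```

The point of the contrast is that a deny list keyed on the host string lets `[::ffff:127.0.0.1]`, `[fe80::1]` and a DNS name pointing at `169.254.169.254` through, while a decision taken on the resolved, canonicalised destination address denies all of them. A proxy that evaluates the destination after name resolution, as Squid's `dst` ACLs do, is the only placement that closes the rebinding case.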