Has anyone got any more information on this?
Proxy server bug exposes websites' private parts • The Register
Has it been fixed in the latest smooth guard / advanced firewall?
It's a very interesting and complicated topic. More than you might think. Just look at the comments on that article. Many people do not know what they are talking about, and just about the only one who knows anything is the long post by AC. (No, it was not me!!)
But to answer your question - yes it is fixed. On the proxy page there is a tick to allow you to turn on checking that the destination IP and the host header match. "Check request headers against original destination IP:" Or use many of the workarounds.
However the problem is that most big companies like Google, Microsoft, Yahoo, iTunes etc use stealth DNS round robin. This means one can never be sure that the client PC and the proxy will agree on which IP(s) a hostname resolves to. The vulnerability exists when they differ. Those companies make checking very very difficult. There is more info here: https://support.smoothwall.net/index...leid=337&nav=0
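The check described in the reply above, sketched as an added example (not Smoothwall's code and not from the thread): an intercepting proxy compares the original destination IP of the connection with the addresses it resolves for the Host header itself. The DNS table, hostnames and addresses are constructed placeholders; the third sample is the round-robin case, where a legitimate request fails because client and proxy resolved different addresses.

```python
import ipaddress

# Constructed data: the proxy's own DNS view. Names and addresses are
# placeholders from documentation ranges, not taken from the thread.
PROXY_DNS = {
    "intranet.example": {"192.0.2.10"},
    # Round robin: the proxy's lookup returned only two of the pool's addresses.
    "cdn.example": {"198.51.100.1", "198.51.100.2"},
}

def split_host(host_header):
    """Return the host part of a Host header, without port or IPv6 brackets."""
    value = host_header.strip().lower()
    if value.startswith("["):              # IPv6 literal, e.g. [2001:db8::1]:8080
        return value[1:].partition("]")[0]
    return value.rsplit(":", 1)[0] if ":" in value else value

def host_matches_destination(orig_dst_ip, host_header, dns_view=PROXY_DNS):
    """True when the intercepted connection's original destination IP is one
    of the addresses the proxy itself resolves for the Host header."""
    dst = ipaddress.ip_address(orig_dst_ip)
    host = split_host(host_header)
    try:
        # Host header is an IP literal: compare directly, no DNS involved.
        return ipaddress.ip_address(host) == dst
    except ValueError:
        pass
    # Unknown names resolve to nothing and therefore never match.
    resolved = {ipaddress.ip_address(a) for a in dns_view.get(host, ())}
    return dst in resolved

# Constructed intercepted requests: (original destination IP, Host header).
SAMPLES = [
    ("198.51.100.1", "cdn.example"),         # agrees with the proxy's view
    ("203.0.113.5", "intranet.example:80"),  # Host names a site the connection was not sent to
    ("198.51.100.3", "cdn.example"),         # client got a different round-robin address
]

if __name__ == "__main__":
    for dst, host in SAMPLES:
        verdict = "match" if host_matches_destination(dst, host) else "MISMATCH"
        print(f"{dst:15} Host: {host:22} {verdict}")
```

The second and third samples both come back as mismatches, and the check alone cannot tell them apart.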