But adding all legitimate traffic patterns would seem to be a less
difficult task=20
than trying to add all known (and unknown) bad patterns. You seem to
have hit=20
the nail on Marcus' proverbial head with regards to the point he seems
to me to
be trying to make regarding "permit only what is good."=20

On Thursday, June 02, 2005 1:58 PM, ArkanoiD spake:

>It is ok when securing server traffic, but becames extremely difficult

when it
>comes to client proxy, because there are too many legitimate traffic

patterns to add :-(
>On Thu, Jun 02, 2005 at 03:03:36PM -0400, Marcus J. Ranum wrote:
>> ArkanoiD wrote:
>> >Are there any hints on preventing cross-site scripting attacks and
>> >SQL injection on proxy firewall by, say, applying some regexps on

url data?
>> Instead of trying to block what is bad, permit only what is good.
>> Can you observe your legitimate traffic and converge forward
>>> on a set of regexps that define what "good" looks like? Then

>> deny all else. You might be able to do that in a fairly

>> manner using Squid proxy cache ACLs.

firewall-wizards mailing list