Re: proxy / firewall question

From: Duane Wessels <wessels>
Date: Fri, 15 Nov 96 14:09:48 -0800 writes:

>1. is an acceptable application for Squid (i.e. application gateway)? Is it
>as secure as the fwtk http proxy?

Yes it is of course an application gateway. But I wouldn't rely on
it for security. I'll bet Squid has two orders of magnitude more source
code than TIS.

>2. I have tested it internally (not on a dual homed host) by setting the
>port to 80, and using the 'httpd_accel' and 'httpd_accel_with_proxy' tags
>to send http requests through the proxy to the web servers. Is this the
>correct way to implement the proxy on the firewall?

Hm, probably not. The httpd_accel feature allows you to put Squid
in where your HTTP server used to be. You probably don't need that.

>3. we have a number of web servers (some virtual) running on the network. I
>think I understand how to use 'tcp_incoming' and 'tcp_outgoing' to bind to
>the necessary IP addresses on the firewall, but I am not sure how to send
>the queries to the respective web servers. Is it simply a matter of using
>the redirector script?

Virtual hosting gets complicated. It depends whether or not you run
Squid on the virtual host machine. If so then you just need to add
the '-V' option, or enter

   httpd_accel virtual 80

in the config for later versions.

Duane W.
Received on Fri Nov 15 1996 - 14:09:49 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:34 MST