Re: [squid-users] Reverse proxy non-performance benefits

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 06 Feb 2008 21:45:09 +1300

Paul Cocker wrote:
> Sorry if we're entering into "duh" territory here, but quite simply are
> there non-performance benefits to be gained from a reverse proxy
> configuration? I'm thinking in terms of security for the most part. Say,
> a squid reverse proxy sitting in the DMZ in a reverse proxy
> configuration for a website on the internal network.

As you say there is performance and load-relief. Then there are the
things I'm using it for which Apache cannot do:

DMZ secure gatewaying to internal servers allows them to securely
serve confidential information to fixed internal IPs and
non-confidential info to a fixed (squid) IP.

Squid 3.1 (3-HEAD currently) is gatewaying IPv4 and IPv6 for clients and
servers which cannot communicate otherwise.

It is also allowing me to securely provide monitored web browsing to a
black-box public WiFi network which my firewall and router can only see
as a single IP and MAC address doing a LOT of web access. No more
anonymous overcharges due to P2P software!!

> I see Apache can also do reverse proxy, which was surprising to me, or
> is it not quite the same thing?

It's their version. Though people have varying degrees of complaints
about it. I have none, but that I don't tax it for very much beyond
customer external WebHops.

The biggest issue with the apache proxy modules is that you need the
whole apache to run them. Apache is not exactly light in its default
packaging. While a running squid is not that much better, it has fewer
knobs to turn things off.

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Wed Feb 06 2008 - 01:45:01 MST
