Steven Pfister wrote:
> Besides taking away direct access to the webserver (and any vulnerabilities it may have) and providing some caching for static content, what are some other advantages of using squid this way? I'm trying to help put together a security recommendation.
>
Squid can terminate an SSL connection and then speak HTTP to the real
server, allowing you to secure the outside access without having to
SSL-enable all inside access. If you do this with multiple servers, you
can use a single wildcard SSL certificate on the squid box to cover all
your inside servers, which saves money. We do this.
-- CONFIDENTIALITY NOTICE: This e-mail message,including any attachments,is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient,please contact the sender by reply e-mail and destroy all copies of the original message.
This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT