
BLU Discuss list archive



security & squid proxy...



On Tue, Aug 08, 2006 at 11:06:04AM -0400, Grant M. wrote:
> dsr at tao.merseine.nu wrote:
> > Except for the first feature, you need to explicitly configure
> > and regularly maintain a squid cache to keep getting security
> > benefits from it.
> 
> So, based upon your comments, simply requiring a squid reverse-proxy
> offers no _real_ benefit (excluding caching, which is of little help in
> this case) over a standard firewall, unless you explicitly create
> rules/acls to limit access to just what the webserver behind the proxy
> offers?

Yup. 

Well, there are probably some attacks which start with HTTP but
then go on to other protocols; the combination of a firewall and
a squid cache means that those might not succeed. But a suitably
set up firewall would block those as well, even without squid.

-dsr-


-- 
-. ---   -- --- .-. .   ... . -.-. .-. . - ... 
..-. ..- -.-. -.-   - .... .   -. ... .- 
..-.   ..-   -.-. -.   .-. -..   - .... ...   ..-   -.- -. .--   -.-. -..
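
As an added illustration (not part of the original thread or either poster's setup): a Squid accelerator-mode `squid.conf` that restricts requests to what the backend web server actually offers, the explicit rules/ACLs the exchange above says are needed. The hostname, backend address and path list are assumptions, and the `accel`/`originserver` syntax is that of Squid 2.6 and later.

```conf
# Constructed example: hostname, backend address and paths are placeholders.

# Listen as a reverse proxy (accelerator) for one site only.
http_port 80 accel defaultsite=www.example.org

# The real web server behind the proxy; no ICP queries are sent to it.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=backend

# What the backend legitimately offers.
acl our_site   dstdomain www.example.org
acl ok_methods method GET HEAD POST
acl ok_paths   urlpath_regex ^/$ ^/static/ ^/app/

# Allow only requests matching all three ACLs; refuse everything else,
# including CONNECT and requests naming other hosts.
http_access allow our_site ok_methods ok_paths
http_access deny all

# Forward only to the backend, never directly to arbitrary destinations.
cache_peer_access backend allow our_site
cache_peer_access backend deny all
never_direct allow all
```

The path list has to be kept in step with the site, which is the regular maintenance the quoted message refers to.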




