security & squid proxy...
dsr at tao.merseine.nu
Tue Aug 8 11:14:25 EDT 2006
On Tue, Aug 08, 2006 at 11:06:04AM -0400, Grant M. wrote:
> dsr at tao.merseine.nu wrote:
> > Except for the first feature, you need to explicitly configure
> > and regularly maintain a squid cache to keep getting security
> > benefits from it.
>
> So, based upon your comments, simply requiring a squid reverse-proxy
> offers no _real_ benefit (excluding caching, which is of little help in
> this case) over a standard firewall, unless you explicitly create
> rules/acls to limit access to just what the webserver behind the proxy
> offers?
Yup.
Well, there are probably some attacks which start with HTTP but
then go on to other protocols; the combination of a firewall and
a squid cache means that those might not succeed. But a suitably
set up firewall would block those as well, even without squid.
-dsr-
--
-. --- -- --- .-. . ... . -.-. .-. . - ...
..-. ..- -.-. -.- - .... . -. ... .-
..-. ..- -.-. -. .-. -.. - .... ... ..- -.- -. .-- -.-. -..
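
The kind of explicit rules/ACLs the exchange above refers to, as an added example that is not part of the original message: a deny-by-default squid.conf fragment for a reverse proxy in front of one web server. It assumes Squid 2.6 or later accelerator syntax; the hostname, backend address and path list are constructed placeholders.

```conf
# Added example: hostname, address and paths below are constructed placeholders.

# Listen as an accelerator (reverse proxy) for a single site.
http_port 80 accel defaultsite=www.example.com

# The only backend Squid may contact: no ICP queries, treated as an origin server.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin

# "all" is built in on Squid 3.x; on Squid 2.x uncomment the next line.
# acl all src 0.0.0.0/0.0.0.0

# Describe only what the web server behind the proxy actually offers.
acl site        dstdomain     www.example.com
acl ok_methods  method        GET HEAD POST
acl ok_paths    urlpath_regex ^/$ ^/index\.html$ ^/static/ ^/app/

# http_access is evaluated top to bottom; the first matching line decides.
http_access deny !ok_methods    # rejects CONNECT, PUT, DELETE, TRACE, ...
http_access deny !site          # rejects requests for any other host
http_access allow ok_paths      # only the listed URL paths get through
http_access deny all            # everything else is refused

# Forward only to the named origin, never to an arbitrary destination.
cache_peer_access origin allow site
cache_peer_access origin deny all
never_direct allow all
```

The path list is the part that needs the regular maintenance mentioned in the thread: it has to track what the backend serves. `squid -k parse` checks the file for syntax errors before a reload.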