
List:       firewalls-gc
Subject:    Re: Need an efficient HTTP proxy
From:       Bernd Eckenfels <lists () lina ! inka ! de>
Date:       1998-05-31 0:14:35

On Fri, May 29, 1998 at 12:08:35PM -0500, Joe Gross wrote:
> IMO the one thing that apache still has over squid is the ability to bind
> to one or more specific interfaces. This is extremely useful if you have
> a host with several interfaces and only want to provide squid services
> to the internal interfaces. I know you can do ACLs but simply not having
> it listen on the external interface is much safer.

Define: 'much safer', 'cause this is OS and IP-address dependent:

A lot of OSes allow connecting to the wrong IP on the other interface (if
this is a public one) if you don't filter those packets at the ip-filter
level. If you filter those packets by target-ip you can also filter by
target-port.

And of course it is no problem to tell squid which interfaces it should
bind to :) (it's a one-liner in the source, perhaps a config option already).

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy
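
A small model of the reasoning in this message, as an added example that is not part of the original post: it computes through which ingress interfaces a listener accepts connections, depending on its bind address, on whether the IP stack accepts packets for any local address on any interface (the "weak host" behaviour the message describes), and on ingress filter rules. The interface names, addresses, port, `DropRule` and `reachable_via` are hypothetical, and the model assumes the sender can route a packet for the target address to that interface.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class DropRule:
    """Ingress packet-filter rule; None in a field matches anything."""
    iface: str
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, iface, dst, port):
        return (self.iface == iface
                and (self.dst_ip is None or ip_address(self.dst_ip) == dst)
                and (self.dst_port is None or self.dst_port == port))


def reachable_via(bind_ip, port, ifaces, weak_host, rules=()):
    """Return the sorted ingress interfaces through which the listener accepts.

    ifaces:    {interface name: [addresses configured on it]}
    weak_host: True if the stack delivers a packet addressed to any local
               address regardless of the interface it arrived on.
    """
    bind = ip_address(bind_ip)
    owner = {ip_address(a): name for name, addrs in ifaces.items() for a in addrs}
    if bind.is_unspecified:            # 0.0.0.0 / :: accepts every local address
        targets = {a for a in owner if a.version == bind.version}
    else:                              # bound to one address only
        targets = {bind} & set(owner)
    open_on = set()
    for ingress in ifaces:
        for dst in targets:
            if not weak_host and owner[dst] != ingress:
                continue               # strong host: address must live on ingress
            if any(r.matches(ingress, dst, port) for r in rules):
                continue               # dropped by the packet filter
            open_on.add(ingress)
    return sorted(open_on)


# Constructed sample host: eth0 is internal, eth1 is external.
IFACES = {"eth0": ["192.168.1.1"], "eth1": ["203.0.113.10"]}

if __name__ == "__main__":
    by_ip = [DropRule("eth1", dst_ip="192.168.1.1")]
    print("bind internal, weak host:       ", reachable_via("192.168.1.1", 3128, IFACES, True))
    print("bind internal, weak host+filter:", reachable_via("192.168.1.1", 3128, IFACES, True, by_ip))
```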
