Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Tue, Aug 08, 2006 at 11:06:04AM -0400, Grant M. wrote: > dsr at tao.merseine.nu wrote: > > Except for the first feature, you need to explicitly configure > > and regularly maintain a squid cache to keep getting security > > benefits from it. > > So, based upon your comments, simply requiring a squid reverse-proxy > offers no _real_ benefit (excluding caching, which is of little help in > this case) over a standard firewall, unless you explicitely create > rules/acls to limit access to just what the webserver behind the proxy > offers? Yup. Well, there are probably some attacks which start with HTTP but then go on to other protocols; the combination of a firewall and a squid cache means that those might not succeed. But a suitably set up firewall would block those as well, even without squid. -dsr- -- -. --- -- --- .-. . ... . -.-. .-. . - ... ..-. ..- -.-. -.- - .... . -. ... .- ..-. ..- -.-. -. .-. -.. - .... ... ..- -.- -. .-- -.-. -..
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |