njensen@salsa.habaneros.com writes:
>1. is an acceptable application for Squid (i.e. application gateway)? Is it
>as secure as the fwtk http proxy?
Yes it is of course an application gateway. But I wouldn't rely on
it for security. I'll bet Squid has two orders of magnitude more source
code than TIS.
>2. I have tested it internally (not on a dual homed host) by setting the
>port to 80, and using the 'httpd_accel' and 'httpd_accel_with_proxy' tags
>to send http requests through the proxy to the web servers. Is this the
>correct way to implement the proxy on the firewall?
Hm, probably not. The httpd_accel feature allows you to put Squid
in where your HTTP server used to be. You probably don't need that.
>3. we have a number of web servers (some virtual) running on the network. I
>think I understand how to use 'tcp_incoming' and 'tcp_outgoing' to bind to
>the necessary IP addresses on the firewall, but I am not sure how to send
>the queries to the respective web servers. Is it simply a matter of using
>the redirector script?
Virtual hosting gets complicated. It depends whether or not you run
Squid on the virtual host machine. If so then you just need to add
the '-V' option, or enter
httpd_accel virtual 80
in the config for later versions.
Duane W.
Received on Fri Nov 15 1996 - 14:09:49 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:34 MST