Re: Controlling neighbour access

From: John Sloan <johns@dont-contact.us>
Date: Tue, 18 Feb 1997 15:28:51 +0000 (GMT)

On Tue, 18 Feb 1997, Ed Knowles wrote:

> On Feb 18, 10:08am, Mark Eldridge wrote:
> > Subject: Controlling neighbour access
> > I'd like to be able to control which objects on our cache our neighbours
> > have access to. If our organisation's internal documents are cached then
> > it is possible that our neighbours could access these documents, bypassing
> > any security that may be in place on the end web server.

We had this problem for a while.

> You can add cache_stoplist cgi-bin ? .csiro.au
>
> your cache will now NOT have any csiro.au documents in it to serve to
> neighbours.

However it will still quite happily serve a csiro.au document if one is
requested from it, though it will now not cache it.

A better solution is to deny the cache access to the pages on the internal
web server. This will prevent external users from being able to fetch
internal resources through the cache.

This does mean that internal users using the cache will not be able to
fetch internal pages through it either. The solution for them is to
configure their browsers to go direct for those domains. [Easy to do if
they are using a proxy autoconfig script which you control for instance].

John
Received on Tue Feb 18 1997 - 06:36:12 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:29 MST