>Number: 915
>Category: mod_proxy
>Synopsis: proxy server -- building and features
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Thu Jul 24 22:20:00 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2.1
>Environment:
SPARCstation 5
SunOS 4.1.4
>Description:
First of all, I really appreciate all of your efforts, your
software is a joy to work with! Excellent work.
The first request I would like to make is: somewhere in the
document ".../src/INSTALL" it should mention that the software
cannot be built with Sun's old default C compiler on the
SunOS 4.x architecture. There are a lot of these systems
left in the world -- not all of them have "gcc" (but that is
changing).
But more importantly, your work on the proxy server is very
admirable. Your software is so modular and flexible that it
doesn't take much effort to make a fine proxy server out of
it. The problem is, a proxy server almost invariably serves
on a Firewall -- this means it should have the following
characteristics:
(1) EXTREMELY SMALL .. this reduces bugs, security
holes, and takes less system resources
(2) built with security in mind
(3) have the proper features
With regard to (1), I would like to request the following:
a. most people do not know the software as well as
The Apache Group .. surely it would be simple
for one of you to determine the absolute smallest
set of modules (and maybe even remove some core
components) to implement a proxy server fit for
a Firewall
b. it would be nice if there was a Makefile target
called "proxy" (so I could type "make proxy") and
it would do the right thing
Regarding (2) above: reading though the documentation it is
very clear to me that The Apache Group had a keen eye on
security as it was designing and building its software,
however it could be taken a little further. I am sure there
are many planned features in the area of security that you
are working on. The only thought I have on the matter is
to implement some of the "wrapper" features of Wietse Venema's
TCP wrapper software -- I am tempted to run the wrappers in
front of your proxy server, but that would only work in non-
daemon mode (which I don't like).
Regarding (3) above: the only missing features of the proxy
server are as follows ..
a. a place to connect a filter module .. so people can
write modules that filter "inappropriate" web pages
(whatever that may be)
b. Apache should have the inherent ability to block
ActiveX, Java, and/or Javascript if the user so
chooses
All in all, a fabulous product! Your software puts most
commercial products to shame. Keep up the great work!
---Darin O.
>How-To-Repeat:
This is a feature request and not a bug.
>Fix:
I have many suggestions.
%0
>Audit-Trail:
>Unformatted:
