On Wed, Aug 15, 2001 at 08:41:15PM +0200, Christian Volk wrote:
> Hi!
>
> I'm in the process of setting up a leased line/static IP
> internet connection with the option of a DMZ and a second
> firewall.
>
> To simplify the firewalls, I'm thinking about moving the http
> proxy (squid) from the firewall machine to a machine behind
> the firewall.
>
> Are there any additional security risks with the proxy on the
> intranet?

What some people do is they run a simple, secure, non-caching http proxy (e.g. the http-gw from TIS fwtk) on the firewall and run Squid behind the firewall. Squid needs to use the http-gw as its parent. The http-gw is very simple and doesn't need to do any caching or anything and Squid, which is much more complex, has no direct connection to the 'net. In the Squid docs they mention running it in conjunction with http-gw.

--
Michael Wood <[EMAIL PROTECTED]>
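
The parent arrangement described in the reply above, as an added squid.conf sketch that is not part of the original thread. The hostname, port and subnet are placeholders chosen for illustration, not values from the posters' networks.

```conf
# squid.conf on the intranet machine (added example; all addresses are placeholders)

# Only intranet clients may use this cache.
# On Squid 2.x the "all" ACL must be defined explicitly; newer releases have it built in.
acl all src 0.0.0.0/0.0.0.0
acl intranet src 192.168.1.0/255.255.255.0      # placeholder subnet
http_access allow intranet
http_access deny all

# The simple proxy on the firewall is the only parent.
# ICP port 0 plus no-query: a non-caching parent is not asked for cache hits.
# "default" makes it the parent of last resort for every request.
cache_peer fw.example.internal parent 8080 0 no-query default   # placeholder host and port

# Never fetch from origin servers directly; if the parent is unreachable
# the request fails instead of bypassing the firewall proxy.
never_direct allow all
```

With `never_direct` in place, the firewall's packet rules can also refuse outbound HTTP from the Squid host to anything except the proxy on the firewall, so a misconfiguration on the cache cannot silently open a direct path.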

