On Mon, 17 Jul 2000, Hudak, Tyler wrote:

> Hello all,
> 
>   I'm having trouble finding some information on Netscape's Proxy server and
> I was hoping you can help.  Due to the screwed up internal network structure
> here, the most efficient way to route internet requests will be thru a proxy
> server.  We are looking at Netscape's proxy server because it supports LDAP
> authentication while Microsoft's does not.  Here is my question:
>   When used with a Checkpoint Firewall-1 box, what information does the
> proxy server send to the firewall?  Does it send the user ID that is making
> the request or does it send a "generic" ID?  The reason I am asking is that
> we would like to granularly control who has access to what.  For instance,
> we would like to give access to certain URL's to certain people.  The
> easiest way to do this looks like it will be on the firewall.  Can it be
> done on either?
>   Another reason why we would like to do this is currently we have internet
> access for the entire company only to certain sites (company webpage,
> partner company pages, etc).  Anyone can go to these pages without
> authentication.  To get to anywhere else, authentication is required.  This
> is also done with ftp and telnet.  Can this be done thru the proxy/firewall
> scenario?  Thanks.

I think the easiest way to do all this would be to use proxy ACLs. I don't
know whether the Netscape Proxy supports these, but at least squid
(http://squid.nlanr.net/Squid) provides these.
You should just write some rules to allow unrestricted access to the
"free" sites and block access for those without a password on all other
sites.
Your firewall should then block all traffic from everything but your proxy
to all Web and FTP servers on the internet.

> 
> Tyler Hudak
> Network Security Analyst
> Roadway Express
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
> 

-- 
MSDOS - MicroSoft Denial Of Service
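
The proxy ACL approach suggested in the reply, sketched as a squid.conf fragment. This is an added example, not part of the original message; it uses current Squid directive syntax, and the helper path, LDAP server, base DN, network range, domains and user names are all placeholder assumptions.

```conf
# Added example: every host, path, domain and user name below is a placeholder.

# Authenticate proxy users against LDAP (helper location varies by distribution).
auth_param basic program /usr/lib/squid/basic_ldap_auth -b "dc=example,dc=com" -f "uid=%s" -h ldap.example.com
auth_param basic realm Internet proxy
auth_param basic credentialsttl 2 hours

# Who may talk to the proxy at all.
acl localnet src 10.0.0.0/8

# "Free" sites: company and partner pages, reachable without a password.
acl free_sites dstdomain .example.com .partner.example

# Sites that only named users may reach.
acl restricted_sites dstdomain .finance-partner.example
acl restricted_users proxy_auth alice bob

# Any user who presents valid credentials.
acl authenticated proxy_auth REQUIRED

# Rules are evaluated top to bottom; the first match decides.
http_access deny !localnet
http_access allow free_sites
http_access allow restricted_sites restricted_users
http_access deny restricted_sites
http_access allow authenticated
http_access deny all

# The firewall then permits outbound Web and FTP traffic from the proxy's
# address only, so clients cannot bypass these rules by going direct.
```

Because the free-site rule comes before any `proxy_auth` ACL, requests to those domains never trigger a password prompt, and the per-user decision is made on the proxy rather than on the firewall.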

