Hi,

> Agreed. But if the idea is to protect your internal clients from your
> intranet web servers, the proxy isn't doing much for you. Plus again,
> someone can just configure their machine to not use the proxy as mentioned
> previously. If the machines are available on the public intranet without
> having to go through some firewall, you can't slap much of a guarantee on
> things not reaching them except via your proxy. You mention setting up
> routing ACL policies for HTTP traffic further down. This isn't something
> that is reasonable to manage in a large organization and does nothing to
> stop people from selecting alternate ports.

Well, if you stick a firewall in between and limit to only 80/443 and then redirect the requests to a web proxy (I know there are issues with https proxying, like MTM), then you can filter/drop, do whatever you like.

Cheers,
Dan.

--
DanB UK
London, UK

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html