On Sat, 2007-05-26 at 21:15 +0200, Roland Weber wrote: > Hi all, > > I'm collecting my ideas on proxy chains. Please > take a brief look and give me a reality check. > > The purpose of a proxy chain is to get through > more than one firewall. The client connects to > proxy1, proxy1 connects to proxy2,... and the > last proxy connects to the server. > For proxies 1...n-1, the connection needs to be > tunnelled, meaning that a CONNECT request is > sent and the proxy afterwards does not interpret > the transferred data anymore. The last proxy in > the chain can operate without a tunnel (unless > HTTPS is used of course), as if the client had > connected directly to it. > If HTTPS is to be used, all proxies need to be > tunnelled one after another, and finally an SSL > socket is layered over the end-to-end tunnel. > > Does that make sense? > Do I miss important use cases? > Would anybody want to layer SSL between client > and one of the proxies rather than end-to-end? >
Roland Here's my take on the matter. Proxy chaining is only relevant for large corporations with complex security requirements and regulations. Those people can usually afford to task a software engineer or two with writing a custom component to meet their specific requirements. You probably should not spend your time writing and testing all this non-trivial code (unless you feel like doing so, of course). Support for proxy chaining should probably donated to the project by an external (most likely commercial) entity. All we have to ensure is that HttpRoute is flexible enough to represent a chain of proxies. That's it. Oleg > thanks, > Roland > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
