[EMAIL PROTECTED] said:
> Todd
>
>> > Is a caching proxy *just* for performance then with
>> > no security value whatsoever?
>>
>> Realistically, yes. Depending on how far you go, though, you may
>> consider it a security value to not let the outside world know if
>> you
>> re-request something. Say... to hide the number of computers behind
>> the proxy.
>
> If I was more talented about such things maybe I would implement an
> http proxy but it seems like quite a lot of work for not much gain.
> I've heard that iptables does stateful filtering... I don't know
> exactly how that can help with html... if your proxy could filter
> out 'bad' html somehow that would be useful. I don't know if it would
> take more apps than iptables to filter out ads, javascript and stuff
> like that.
A true proxy knows the difference between http packets and others
passing through it. It can be configured to disallow other types of
traffic on the port. Iptables is not a proxy, therefore it cannot
determine the type of traffic passing on port 80, only whether that
traffic was in response to a request, or initiated from the outside,
it knows about ports it doesn't know about the application level.
--
Neil Schneider pacneil_at_linuxgeek_dot_net
http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D
"All political parties die at last of swallowing their own lies."
-- Dr. John Arbuthnot (1667-1735)
--
KPLUG-List mailing list
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list