On 10/9/07, Craig Skinner <[EMAIL PROTECTED]> wrote:
> Siju George wrote:
> >
> > First of all proxy is used to control web access ( like URL filter )
> > for a certain group of people. There are others who connect through
> > NAT and who can get better performance. Yes, Squid degrades performance
> > in some cases.
> > Then there are websites that don't work well with squid.
> >
> > So in my case I have to work up a solution which is a mixture
>
> You need to learn more about squid, in particular the ACLs for different
> groups logged in users (try LDAP).
>

I use ACLs; that's why I am able to block portions of the web for certain users.
ACLs don't improve performance; in some cases simple NAT is much faster
than taking it through squid.

Yes I am on my way to LDAP integration.
It was a tough road trying to learn and implement it :-)


>
> How on earth does that make an app more secure? You are listening to
> urban rumours, like vista being the most secure os.......
>
> >
> > Not sure what you mean by being man enough :-)
> >
>
> Cowards hide behind their mother's skirt. You are trying to hide squid
> on the loopback, which is as flimsy a protection device as a skirt.
>
>

If you are running a firewall on OpenBSD with FTP proxy then it
listens behind the mother's skirt :-)

proxy    ftp-proxy   9695    3* internet stream tcp 0xd6b4a644 127.0.0.1:8021

and the man page says you should have the rule.

 rdr pass on $int_if proto tcp from $lan to any port 21 -> \
           127.0.0.1 port 8021

pfSense developers changed listening squid to localhost and
redirecting from the internal interface allowed traffic.

Let us wait and see if somebody who is more knowledgeable than both of
us is able to give a clear explanation :-)

I think there is more to it than Urban Rumors :-)

Kind Regards

Siju
