Steven Pfister wrote: > Besides taking away direct access to the webserver (and any vulnerabilities > it may have) and providing some caching for static content, what are some > other advantages of using squid this way? I'm trying to help put together a > security recommendation. >
Squid can terminate an SSL connection and then speak HTTP to the real server, allowing you to secure the outside access without having to SSL-enable all inside access. If you do this with multiple servers, you can use a single wildcard SSL certificate on the squid box to cover all your inside servers, which saves money. We do this. -- CONFIDENTIALITY NOTICE: This e-mail message,including any attachments,is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient,please contact the sender by reply e-mail and destroy all copies of the original message.
begin:vcard fn:Ben Hollingsworth n:Hollingsworth;Ben org:BryanLGH Medical Center;Information Technology adr:;;1600 S. 48th St.;Lincoln;NE;68506-1275;USA email;internet:[EMAIL PROTECTED] title:Systems Programmer tel;work:402-481-8582 tel;fax:402-481-8354 url:http://www.bryanlgh.org version:2.1 end:vcard
