Firewalls: Re: CERN httpd vs http-gw

Firewalls
(February 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: CERN httpd vs http-gw
From:	Ken Hardy <ken @ bridge . com>
Date:	Fri, 10 Feb 1995 22:05:19 -0600 (CST)
To:	David Miller <isdmill @ gatekeeper . ddp . state . me . us>
Cc:	Brent Chapman <Brent @ greatcircle . com>, rens @ imsi . com, tpaquett @ aec . ca, firewalls @ greatcircle . com, bdrennin @ plaind . com
In-reply-to:	<Pine . 3 . 89 . 9502100801 . A26737-0100000 @ gatekeeper . ddp . state . me . us>

On Fri, 10 Feb 1995, David Miller wrote:
> 
> Why wouldn't you use simple software created for the task of access 
> control to secure access control, like tcp_wrappers or netacl?
> 

It is possible but not recommended to run the CERN httpd from inetd
because of the overhead to spawn it so often; it's more efficient to have
it running in daemon mode and have it fork itself for new connections as
it's already processed its config file, and the image is already in core. 
This is even more important now, IMHO, with the proliferation of Netscape,
which asks for _lots_ of URLs at once.

Http-gw & plug-gw are much more lightweight, so it's not _as_much_ a 
concern running them from inetd.  Don't have any empirical measurements, 
though.

-- KH

Follow-Ups:

Re: CERN httpd vs http-gw
From: David Miller <isdmill @ gatekeeper . ddp . state . me . us>

References:

Re: CERN httpd vs http-gw
From: David Miller <isdmill @ gatekeeper . ddp . state . me . us>

Indexed By Date	Previous:	Re: split DNS (was Re: Firewall Product Review) From: Quentin Fennessy <Quentin . Fennessy @ SEMATECH . Org>
Indexed By Date	Next:	new book pre announcement From: Network Security Observations <NSO @ delphi . com>
Indexed By Thread	Previous:	Re: CERN httpd vs http-gw From: David Miller <isdmill @ gatekeeper . ddp . state . me . us>
Indexed By Thread	Next:	Re: CERN httpd vs http-gw From: David Miller <isdmill @ gatekeeper . ddp . state . me . us>