This is what we do.
All users must use our local web server as a proxy for
http, ftp etc from their web browser.
The local server then forwards requests through the firewall
using the FWTK http-gw.
USER m/c ---> CERN httpd ---> FWTK http-gw ---> Internet
PC or Unix local web firewall m/c
Response time is OK, and using the caching on the local web server
can improve performance for regularly accessed files.
Policy is enforced by only allowing requests from the local web server
through the firewall machine. (We actually have an additional packet
filter between the local server and the firewall but it is not necessary
for this application).
> Is it possible to configure a httpd proxy so that when a local
> workstation browser requests a page from the internet the
> request is redirected to a httpd proxy server on a local host which
> in turn forwards the request to a httpd proxy server on a remote
> host which then "connects" to the internet web server which
> the workstation originally requested? (Whew!) What tools (FWTK...) would
> be necessary? Is there any hope that response time through
> these proxy layers would be even marginally acceptable? Thanks!