> From: Damien Miller <dmiller @ vitnet . com . sg>
> To: firewalls @ GreatCircle . COM
> Subject: CERN/W3C HTTPd as proxy
> Sender: firewalls-owner @ GreatCircle . COM
> Does anyone have any comments/criticisms about the use of W3c (CERN) HTTPd
> as a caching proxy on a firewall?
I would avoid using large complex programs on a firewall.
Small simple programs are much easier to verify for correctness
and this is crucial to maintain security. I don't have a specific
recommendation, but look for something small, simple, and well-written
to use as a base.
Try to disable or remove as much functionality as you can.
Then compartment it off as best you can: run it chroot()ed,
run it with no privileges, etc. Better yet, run it on a separate machine.
--
Regards,
--------------------------------------------------------------------------
Sunny Azah - sazah @ ibu . sj . nec . com
Internet Business Unit, Home of the PrivateNet
NEC Technologies, Inc.
110 Rio Robles San Jose, CA 95134
Tel:(408) 433-2161 FAX:(408) 433-1230
http://www.privatenet.nec.com
--------------------------------------------------------------------------
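
The "run it chroot()ed, run it with no privileges" step from the reply above, as an added C example; it is not part of the original message or of CERN httpd. The function name `confine`, the jail path `/var/empty` and uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum confine_err { CONFINE_OK = 0, ERR_BAD_ARGS, ERR_CHROOT, ERR_GROUPS,
                   ERR_GID, ERR_UID, ERR_STILL_ROOT };

/* Confine the calling process to jail_dir and give up root for good.
 * Order matters: chroot() and setgroups() need root, so the uid goes last. */
int confine(const char *jail_dir, uid_t uid, gid_t gid)
{
    /* Refuse targets that would leave the process privileged, and relative
     * paths that would make the jail depend on the working directory. */
    if (jail_dir == NULL || jail_dir[0] != '/' || uid == 0 || gid == 0)
        return ERR_BAD_ARGS;

    /* Enter the directory before chroot() so no handle on the old root
     * remains as the working directory, then pin cwd to the new "/". */
    if (chdir(jail_dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return ERR_CHROOT;

    /* Supplementary groups first, then gid, then uid. */
    if (setgroups(0, NULL) != 0) return ERR_GROUPS;
    if (setgid(gid) != 0)        return ERR_GID;
    if (setuid(uid) != 0)        return ERR_UID;

    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || geteuid() == 0 || getegid() == 0)
        return ERR_STILL_ROOT;
    return CONFINE_OK;
}

int main(void)
{
    /* Assumed values: an empty, root-owned jail and an unprivileged id. */
    int rc = confine("/var/empty", 65534, 65534);
    if (rc != CONFINE_OK) {
        fprintf(stderr, "confine failed (code %d), refusing to serve\n", rc);
        return 1;
    }
    /* Only after this point should the proxy read untrusted requests. */
    return 0;
}
```

Anything that needs root, such as binding a low port, has to happen before `confine()` is called; a non-zero return should be treated as fatal rather than continuing with partial confinement.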