Rumour has it that on 28 Jun 95 at 11:30, Daniel O'Callaghan said:
> This really belongs on www-proxy @
I already tried there some time back, but the folks there were pretty
clueless about firewalls. The short answer was, "probably".
> On Mon, 26 Jun 1995, Jim Carroll wrote:
> > Just wondering if anybody has tried setting up the Harvest
> > hierarchical object cache as an app proxy through a firewall. Let's
> > hear the good and the bad, and any possible comparisons to the Cern
> > server proxy.
> I have tested Harvest cached and found it to work well when it works, but
> it appears have a memory leak and will ultimately crash or run away with
> "Unable to allocate 0 bytes" messages.
> It does not preserve the cache across a restart, and it does not check
> with the remote site using GET If-modified-since pragmas before returning
> documents from its cache.
Ouch. That doesn't bode well.
I should have probably been a bit more succinct in my request,
though. To wit:
In a *firewalls* context (read: stability, vulnerability from the
outside, etc), how well does the Harvest cache work?
You've filled in most of the blanks. Now if it has no probs under
chroot, my primary concern would be whether a hacker could use it to hop
through a firewall into your trusted network.
What system were you running it on? Are the authors aware of the
problems you mention? Do they care?
Jim Carroll - jcarroll @
... the usual disclaimers ...
## If you like this sort of thing, ##
## this is the sort of thing you'll like. ##