Mailinglist Archive: opensuse-security (556 mails)
| < Previous | Next > |
Re: [suse-security] http proxy
- From: Boris Lorenz <bolo@xxxxxxx>
- Date: Fri, 07 Sep 2001 10:44:12 +0200 (MEST)
- Message-id: <XFMail.010907104412.bolo@xxxxxxx>
Yup,
On 07-Sep-01 Togan Muftuoglu wrote:
> Hi,
>
> First thx for quick responses.
>
> As Kurt suggests I know Squid is one of the best options. Yet as Phillip
> mentions with the amount of HD space I have, using Squid in combination
> of the cron jobs to regain HD space I agree the loss of performance will
> be less then the gain of control :-(. For the add blocking I thought of
> using ipchains as it mentions in the HOW-TO to gain space.
Squid has several options for tuning physical and memory-resident caches so you
shouldn't really need any cron jobs. However, if you want to speed up access to
certain files/downloads by creating a generous cache you may run out of disk
space... Why not putting in another HD, they're not too expensive at the mo! ;)
And what goes for blocking ads with ipchains, I wish you plenty of fun with
that... You will end up inserting new rules endlessly because most bigger
banner exchanger/direct marketer have many different IPs, and some sites can't
even be accessed when blocking connections from, say, valueclick.com or
doubleclick.net/.com . Unfortunately, the same applies to blocking ads/banners
with squid's ACLs.
> For the Internet connection it is currently ADSL with 256/64 serving 4
> PC's and in about 2 weeks time cable modem with 1024/256 will be added,
> expect more questions on firewalling dual routes :-),
>
> That was one of my condiderations of thinking about "tinyproxy". I never
> thought about Apache and I will have a look into it. What about Dante to
> be used for http proxying?
Dante... It's more of a firewalling thing, and IMHO too overblown to act as a
pure proxy. If your main intention is to block ads or prevent access to some
sites you may use junkbuster as well. It's easy to configure, quite efficient
and uses minimal ressources, although it lacks some of the more sophisticated
squid features.
> --
> Togan Muftuoglu
---
Boris Lorenz <bolo@xxxxxxx>
System Security Admin *nix - *nux
---
On 07-Sep-01 Togan Muftuoglu wrote:
> Hi,
>
> First thx for quick responses.
>
> As Kurt suggests I know Squid is one of the best options. Yet as Phillip
> mentions with the amount of HD space I have, using Squid in combination
> of the cron jobs to regain HD space I agree the loss of performance will
> be less then the gain of control :-(. For the add blocking I thought of
> using ipchains as it mentions in the HOW-TO to gain space.
Squid has several options for tuning physical and memory-resident caches so you
shouldn't really need any cron jobs. However, if you want to speed up access to
certain files/downloads by creating a generous cache you may run out of disk
space... Why not putting in another HD, they're not too expensive at the mo! ;)
And what goes for blocking ads with ipchains, I wish you plenty of fun with
that... You will end up inserting new rules endlessly because most bigger
banner exchanger/direct marketer have many different IPs, and some sites can't
even be accessed when blocking connections from, say, valueclick.com or
doubleclick.net/.com . Unfortunately, the same applies to blocking ads/banners
with squid's ACLs.
> For the Internet connection it is currently ADSL with 256/64 serving 4
> PC's and in about 2 weeks time cable modem with 1024/256 will be added,
> expect more questions on firewalling dual routes :-),
>
> That was one of my condiderations of thinking about "tinyproxy". I never
> thought about Apache and I will have a look into it. What about Dante to
> be used for http proxying?
Dante... It's more of a firewalling thing, and IMHO too overblown to act as a
pure proxy. If your main intention is to block ads or prevent access to some
sites you may use junkbuster as well. It's easy to configure, quite efficient
and uses minimal ressources, although it lacks some of the more sophisticated
squid features.
> --
> Togan Muftuoglu
---
Boris Lorenz <bolo@xxxxxxx>
System Security Admin *nix - *nux
---
| < Previous | Next > |