Hello, might be off topic, but I'm searching for a reliable Reverse-Proxy for Our Web-Servers. As far as I know does Apache do the Job, but only for HTTP 1.0. Are there any other Solutions ? Or is the mod_proxy meanwhile updated ? Any Security-Hole's ? Thank you for your help. Franziskus
-----Original Message----- From: Kurt Seifried [mailto:listuser@seifried.org] Sent: Donnerstag, 13. September 2001 08:41 To: suse-security@suse.com Subject: [suse-security] re: http proxy
How is it a resource hog? You can tune it to be as lightweight or heavy as you want (personally I let it have 256 megs of ram and a gig of drive space and it's my personal proxy).
P.S.: use freaking text mail.
Kurt Seifried, kurt@seifried.org PGP Key ID: 0xAD56E574 Fingerprint: A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hello,
might be off topic, but I'm searching for a reliable Reverse-Proxy for Our Web-Servers.
A more correct term is HTTP accelerator (couldn't figure out your email initially =).
As far as I know does Apache do the Job, but only for HTTP 1.0. Are there any other Solutions ? Or is the mod_proxy meanwhile updated ?
Squid will pass HTTP 1.1 headers, Apache too. mod_proxy is updated in 1.2.
Any Security-Hole's ?
Yup. Misconfiguration is easy. I may be able to use your proxy to attack your internal network for example. Or anonymize my web surfing. If you do it be very restrictive and use firewalling on the accelerator machine to enforce what it should do (i.e. only talk to port 80 on internal www server).
Thank you for your help.
Franziskus
Kurt Seifried, kurt@seifried.org PGP Key ID: 0xAD56E574 Fingerprint: A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/
participants (2)
-
Kurt Seifried -
Scharpff@tembit.de