Re: Need recomendations for https proxy that serves as a firewall proxy

To: "Haim Ashkenazi" <haim@babysnakes.org>
Cc: debian-security@lists.debian.org
Subject: Re: Need recomendations for https proxy that serves as a firewall proxy
From: ajm@ispgaya.pt
Date: Thu, 1 Jan 2004 23:26:18 -0000 (WET)
Message-id: <[🔎] 3040.213.22.157.109.1072999578.squirrel@webmail.ispgaya.pt>
In-reply-to: <bsup7d$a0f$1@sea.gmane.org>
References: <bsu54f$c5d$1@sea.gmane.org> <20031231140543.GE4559@nenya.lan> <20031231142845.GP6343@vnl.com> <bsup7d$a0f$1@sea.gmane.org>

Hi!! I really understand your problem. Sometimes we HAVE TO do what we
wouldn't never even think about... so, the best is to try to find the best
solution!!

In this particular case, my response was: twhttpd. No vulnerabilities
found (until now...), very well programmed, well documented, very
customizable, and production use qualities proved.

Hugs!



> Dale Amon wrote:
>
>> On Wed, Dec 31, 2003 at 03:05:43PM +0100, Richard Atterer wrote:
>>> On Wed, Dec 31, 2003 at 11:33:02AM +0200, Haim Ashkenazi wrote:
>>> > I have a client that have an exchange server inside the LAN and he
>>> > wants to access the web interface from the world. I thought I'll put
>>> a
>>> > transparent proxy server on the DMZ. apt-cache search proxy gave a
>>> few
>>> > options but except squid (which is a little overkill for this) I
>>> don't
>>> > know any of them (especially in terms of security) and I'm looking
>>> for
>>> > recommendations.
>>>
>>> Um, do I understand correctly that you want to allow access from the
>>> internet to a machine in your client's LAN? In that case, squid is
>>> indeed
>>> the wrong solution.
>>
>> I think they may be talking about MS Exchange Server.
>> The program I like to think of as "The Internet's
>> Answer to the Petrie Dish*"
> ;)
>
>>
>> I do not think I would use the words "Exchange Server"
>> and "Security" in the same breath.
> couldn't agree more. if only all my clients would feel this way...
>
>>
>> On the serious side, you probably could allow a port
>> redirect to that machine if there are no other web
>> services to be accessed.
> wouldn't port redirection allow direct access to the exchange server? I
> thought I would put something in the middle...
>
> it doesn't really matter what's on the other side. I thought that this
> setup
> (proxy firewall) would be more secure then direct access (even to
> apache...).
>
>
> thanx
> --
> Haim
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>

Reply to:

Prev by Date: Would this create a security problem?
Next by Date: Re: Need recomendations for https proxy that serves as a firewall proxy - THANX
Previous by thread: Re: Would this create a security problem?
Next by thread: Re: Need recomendations for https proxy that serves as a firewall proxy - THANX
Index(es):
- Date
- Thread