[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: upgrading more then one box by downloading the files once!

On Tue, Aug 21, 2001 at 12:02:22AM +0200, "J?rgen A. Erhard" wrote:
> >>>>> "Karsten" == Karsten M Self <kmself@ix.netcom.com> writes:
> >>>>> "Dave" == Dave Carrigan <dave@rudedog.org> writes:
>     Dave> Also, if you prefer not to use a transparent cache (I
>     Dave> sometimes want to bypass squid), then you can install a
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>     Karsten> True.  But with a transparent proxy on your gateway
>     Karsten> there's *no* client or node configuration to be done to
>     Karsten> utilize it -- for any host served by that gateway.

Unless I'm mistaken, transparent gateways, due to their transparency,
can't be bypassed, which makes them unsuitable for Dave C's
preferences.  (Or mine.  As wonderful as junkbuster may be, it does
occasionally get a little overzealous with sites that, say, put
something other than ad banners into a /banner/ directory...)

> I'm not sure, but IIRC a proxy def (either by http_proxy or by
> configuring the app) works for *all* http accesses, no matter which
> port.

In general, the operation of application configurations and the use
of environment variables is highly application-specific.

> So, to really be transparent, you'd need to redirect all HTTP acesses
> to your firewall's cache.  Hmmm... can iptables analyze the protocol
> the connection is using?

Possible, but not likely.  The overhead involved would be
substantial and some protocols would be impossible to distinguish on
the fly.  (e.g., You use 'telnet someserver.com 80' with the intent
to make an HTTP request.  telnet client attempts normal telnet
handshaking because it doesn't know any better.  iptables sees
handshaking and assumes it's a telnet connection since it has no way
of knowing otherwise until after the connection is established and
you sent a GET.  Oops.)

-- 
With the arrest of Dimitry Sklyarov it has become apparent that it is not
safe for non US software engineers to visit the United States. - Alan Cox
"To prevent unauthorized reading..."         - Adobe eBook reader license
Reply to: