Re: How to best whitelist CDN deb.debian.org?

To: debian-user@lists.debian.org
Subject: Re: How to best whitelist CDN deb.debian.org?
From: Andy Smith <andy@strugglers.net>
Date: Wed, 19 Jan 2022 14:43:12 +0000
Message-id: <[🔎] 20220119144312.5pijpp5a2rrj3hen@bitfolk.com>
In-reply-to: <[🔎] 20220119142008.d2stq4ognfbfcpho@bitfolk.com>
References: <[🔎] CAHAfzD=DwgSBLaH=17EOLpmohXgxhqWYf5sxB-xtckEWiqUcWw@mail.gmail.com> <[🔎] 20220119142008.d2stq4ognfbfcpho@bitfolk.com>

On Wed, Jan 19, 2022 at 02:20:08PM +0000, Andy Smith wrote:
> If you have a secure network that must not be able to connect out to
> arbitrary web sites, I think you probably should be running a local
> proxy or Debian mirror outside of that network, then allowing your
> secure network to use that and that alone.

I forgot to add: a good option might be apt-cacher-ng which is
packaged in Debian.

You can list the sites that are allowed e.g. deb.debian.org and then
you'd set it as a proxy on the hosts in your secure network. They'd
only be able to download stuff from http://deb.debian.org/…; and
you'd get caching in there as a bonus. It would not be possible to
use it to contact any other site (by URL).

You can probably do a similar thing with other more general web
proxies like squid.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- How to best whitelist CDN deb.debian.org?
  - From: Andreas Ames <andreas.0815.qwertz@gmail.com>
- Re: How to best whitelist CDN deb.debian.org?
  - From: Andy Smith <andy@strugglers.net>

Prev by Date: Re: How to best whitelist CDN deb.debian.org?
Next by Date: Re: cooperative.co.uk has address 127.0.0.1
Previous by thread: Re: How to best whitelist CDN deb.debian.org?
Next by thread: Chromium security updates
Index(es):
- Date
- Thread