Firewall Wizards mailing list archives

Re: fwtk gone?


From: "Paul D. Robertson" <proberts () clark net>
Date: Mon, 1 Mar 1999 13:47:22 -0500 (EST)

On Mon, 1 Mar 1999, Bennett Todd wrote:

Apache, though it doesn't offer the same filtering opportunities.

If you're gonna lose the benefits of http-gw's applet filtering, and go for a
far larger, more complex server, written for features and performance rather
than for security, what's the incentive to use apache rather than squid?

mod_proxy really isn't that big, but of course it's a matter of local
evaluation and experience.  I haven't looked at harvest/squid for a long
time, so I'm not aware of any incentive not to use it if it's what suits
you.  I find the Apache code moderately well-done, and fairly easy to
modify to suit my needs where I use it.  Also the code runs on any
platform I support without a great deal of work, and also runs as a Web
server on platforms I don't support.  Building some trust in the
application's use into platforms outside the security arena has some value
to me (e.g. AS/400, NT) as a long-term solution that scales to Linux/*BSD
solutions as well should the need to switch Web server platforms surface.
It also has a base amount of support for external authentication modules
that are fairly easy to modify, for instance adding uname/password RADIUS
authentication to the proxy module took about 5 minutes (though I've still
got cookie-based support to play with.)

That said, if I had time, I'd go into a serious rewrite of parts of
mod_proxy, but more for transfer behaviour and the ease of adding
additional filtering than anything.

Http-gw isn't the prettiest code around, but it works well.  If squid has
some inherent design approach that makes it more palatable than Apache,
I'd be interested in hearing about it, especially in the authentication
and rewrite capabilities.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280


