Firewall Wizards mailing list archives
Re: fwtk gone?
From: "Paul D. Robertson" <proberts () clark net>
Date: Mon, 1 Mar 1999 13:47:22 -0500 (EST)
On Mon, 1 Mar 1999, Bennett Todd wrote:
Apache, though it doesn't offer the same filtering oppertunities.If you're gonna lose the benefits of http-gw's applet filtering, and go for a far larger, more complex server, written for features and performance rather than for security, what's the incentive to use apache rather than squid?
mod_proxy really isn't that big, but of course it's a matter of local evaluation and experience. I haven't looked at harvest/squid for a long time, so I'm not aware of any incentive not to use it if it's what suits you. I find the Apache code moderately well-done, and fairly easy to modify to suit my needs where I use it. Also the code runs on any platform I support without a great deal of work, and also runs as a Web server on platforms I don't support. Building some trust in the application's use into platforms outside the security arena has some value to me (eg. AS/400, NT) as a long-term solution that scales to Linux/*BSD solutions as well should the need to switch Web server platforms surface. It also has a base ammount of support for external authentication modules that are fairly easy to modify, for instance adding uname/password RADIUS authentication to the proxy module took about 5 minutes (though I've still got cookie-based support to play with.) That said, if I had time, I'd go into a serious rewrite of parts of mod_proxy, but more for transfer behaviour and the ease of adding addtional filtering than anything. Http-gw isn't the prettiest code around, but it works well. If squid has some inherent design approach that makes it more palatable than Apache, I'd be interested in hearing about it, especially in the authentication and rewrite capabilities. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () clark net which may have no basis whatsoever in fact." PSB#9280
Current thread:
- Re: fwtk gone? Bennett Todd (Mar 01)
- Re: fwtk gone? Paul D. Robertson (Mar 01)
- Re: fwtk gone? Bennett Todd (Mar 01)
- Re: fwtk gone? Eberhard Mattes (Mar 10)
- <Possible follow-ups>
- Re: fwtk gone? Joseph S D Yao (Mar 01)
- Re: fwtk gone? dreamwvr (Mar 02)
- Re: fwtk gone? Paul D. Robertson (Mar 01)