Firewall Wizards mailing list archives
Re: Open Source HTTP Proxy for Firewall?
From: "Jiri Rosenmayer" <jiri.rosenmayer () skynet cz>
Date: Thu, 21 Jun 2001 09:24:59 +0200
Jim,
We're using Gauntlet 4.x on for one of our corporate firewalls. We're having a problem with *one* particular web site. For some reason, clients from inside our building trying to use this site are running into all kinds of problems. (The site in question is http://www.abb-control.com if anybody's interested.) Page accesses, "hang", etc. Now I don't know what the problem is with this particular site and Gauntlet's HTTP proxy. Even Netscape 4.76 and wget, running on my Sun SPARC Solaris box here at home, with no HTTP proxy, have problems with it. I've asked in comp.infosystems.www newsgroups. No joy. I got mixed results from a question posted to the gauntlet-users mailing list--but no solutions.
Although I'm regular gauntlet-users reader I didn't catch it :-)) I've one solution for you without using another HTTP proxy. Create new plug-gw and bind it on address of the web-server on port 80. (At this time its address is 198.113.60.26, so bind address = 198.113.60.26, bind port = 80, destination address = 198.113.60.26, dest. port = 80. When client request this web, plug proxy receives the request going on this address and forward it. Because it plug proxy, it don't misinterpret the answer. For every other site, http-gw get the request. (You can be very tricky playing with transparancy on gauntlet on BSD/OS, because you can bind process on address which isn't any of the gauntlet addresses.) At least on 4.x on BSDI it will work. If you have Gantlet on Solaris, you have to do it other way because on Solaris transparency works differently. Jiri
Another one of our sites, using T.REX for a firewall, has no problems. (Yet one client in the problem building, when re-config'd to use the HTTP proxy in the other building [across our WAN], had problems. Go figure.) So what I'd like to do is try replacing http-gw on our Gauntlet firewall with another HTTP proxy. Does anybody know of any Open Source HTTP proxies that could be trusted in such a role? I've looked around, but haven't been able to identify a candidate. I'd try replacing http-gw with the generic plug-proxy, but I don't want to lose the Active-X and other filtering that http-gw gives us. Thanks In Advance, Jim -- Jim Seymour | PGP Public Key available at: jseymour () jimsun LinxNet com | http://www.uk.pgp.net/pgpnet/pks-commands.html http://jimsun.LinxNet.com | _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
------------------------------------------------------------------ Jiri Rosenmayer e-mail: Jiri.Rosenmayer () Skynet cz SkyNet a. s. http://www.pgp.cz PGP fingerprint: 1907 1F79 CC70 74EE FC55 F649 5651 33A4 50D4 ABB9 _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Open Source HTTP Proxy for Firewall? Jim Seymour (Jun 18)
- Re: Open Source HTTP Proxy for Firewall? Jose Nazario (Jun 19)
- Re: Open Source HTTP Proxy for Firewall? ark (Jun 19)
- Re: Open Source HTTP Proxy for Firewall? Josef Pojsl (Jun 19)
- Re: Open Source HTTP Proxy for Firewall? Volker Tanger (Jun 21)
- Re: Open Source HTTP Proxy for Firewall? Pierre-Yves BONNETAIN (Jun 19)
- Re: Open Source HTTP Proxy for Firewall? Jiri Rosenmayer (Jun 21)
- <Possible follow-ups>
- RE: Open Source HTTP Proxy for Firewall? Bill Asher (Jun 19)