httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Vaughan" <david.vaug...@satemail.com>
Subject RE: [users@httpd] Locking down a proxy server
Date Mon, 23 Mar 2009 09:28:39 GMT

Davide Bianchi wrote:
>Use your local firewall to implement a transparent proxy, configure
each
>local proxy to forward his request to the main proxy on a special port,
>filter on the main proxy with that port only and implement certificate
>authentication between the local and the central proxy. See the
>documentation of the proxy server. DO NOT USE apache for this.
>
>An alternative is to implement a VPN between the local offices and the
>central one and have the proxy only talks over the VPN.

Yes, the local firewall is a transparent proxy using a special port
which is 
filtered at head office.  

As the local offices are international I was reluctant to employ SSL
technology 
because of the associated import/export restrictions.  Also, I'm not
sure why you 
emphasise not to use Apache.

A VPN would be nice, but some of the connectivity will be via limited
bandwidth 
satellite connections, so I do not see this as a way forward.

Dave



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message