Re: Integrating Squid in a firewall setup

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 24 Mar 1999 00:53:08 +0100

Juan Carlos Castro y Castro wrote:

> What bad can happen in this case? Doesn't squid refuse the connection
> request instantly if it comes from an acl-forbidden address?

ACL processing occurs rather late in the processing of requests, after
requests have been decoded and a number of other things which occur
prior to contacting the next hop. Also, Squid ACL processing is fairly
complex by nature. Compared to the average code used in a firewall, Squid
is huge, with theoretically many more opportunities for errors,
especially if you add the fact that firewall code is usually
thoughtfully audited, while Squid is not.

--
Henrik Nordstrom
Spare time Squid hacker
Received on Tue Mar 23 1999 - 17:28:22 MST
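
An added illustration, not part of the original message and not Squid's code: a toy model of the ordering described in the reply, comparing how much untrusted input is processed before a forbidden client is denied when the ACL runs after decoding versus when the source address is checked first. The network range, client address, request and function names are all constructed for the example.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original message).
ALLOWED_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed internal LAN
FORBIDDEN_CLIENT = "203.0.113.7"                        # documentation address
RAW_REQUEST = (b"GET http://example.com/index.html HTTP/1.0\r\n"
               b"Host: example.com\r\n"
               b"User-Agent: constructed-sample\r\n\r\n")


def parse_request(raw, stats):
    """Toy HTTP request parser; records how much untrusted input it touched."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, url, _version = lines[0].split(b" ", 2)
    headers = dict(line.split(b": ", 1) for line in lines[1:])
    stats["bytes_parsed"] += len(raw)
    stats["headers_decoded"] += len(headers)
    return method, url, headers


def allowed(src):
    """Source-address ACL: is the client inside the allowed network?"""
    return ipaddress.ip_address(src) in ALLOWED_NET


def proxy_style(src, raw):
    """ACL evaluated after decoding, the order described in the reply."""
    stats = {"bytes_parsed": 0, "headers_decoded": 0}
    parse_request(raw, stats)          # runs for every client, allowed or not
    verdict = "allow" if allowed(src) else "deny"
    return verdict, stats


def filter_style(src, raw):
    """Source address checked first; the payload never reaches the parser."""
    stats = {"bytes_parsed": 0, "headers_decoded": 0}
    if not allowed(src):
        return "deny", stats
    parse_request(raw, stats)
    return "allow", stats


if __name__ == "__main__":
    for handler in (proxy_style, filter_style):
        print(handler.__name__, handler(FORBIDDEN_CLIENT, RAW_REQUEST))
```

Both handlers deny the client, but only the first one has run its parser on that client's bytes before doing so.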