On Sunday 11 November 2001 14.53, Ivan Menendez wrote:
> I need to install Squid to cache-proxy request of our Internet users. And
> I need to do this in the same box I have FW-1. Of course it?s not a matter
> of perfomance -the Fw-1 is over-dimensioned- but a matter of security....
> Any of you has a setup of this kind?. Any tip?.
If you absolutely think this is a good idea, then I'd recommend you to at
least make use of the chroot tag, and bind Squid to your inner interface
(http_port). Requires a bit of fiddling to get correct with all libraries
etc, but well worth it.
Regards
Henrik Nordström
Squid hacker
Received on Sun Nov 11 2001 - 19:45:09 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:02 MST