Re: [squid-users] Squid: reverse proxy security advantages

From: Jeff Peng <jeffpeng_at_netzero.net>
Date: Tue, 09 Feb 2010 11:14:31 +0800

在 2010-02-08一的 22:14 -0300,Alejandro Facultad写道:
> Dear all, I have a webmail which must be accesed by users from another
> network.
>
>
> The content of the webmail is not static obviously, so the content caching
> is not an advantage here. Also the webmail is just one server, not load
> balancing is important here.
>
>
> So are there any security advantage of using a Squid as a reverse proxy in
> front of my webmail ??? Because I can't see any security benefit...

At some points you can consider Squid as an application firewall, and
setup some rules like:

acl badip src 192.168.0.100
http_access deny badip

acl badsite referer_regex -i qq.com
http_access deny badsite

acl badconn maxconn 20
http_access deny badconn

acl badbrow browser -i Sosospider
http_access deny badbrow

Those may help improve some security,but it depends...
Squid is just a cache, if you don't need the cache feature, you may not
want to use it.

-- 
Jeff Peng
Email: jeffpeng_at_netzero.net 
Skype: compuperson
Received on Tue Feb 09 2010 - 03:16:34 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 09 2010 - 12:00:04 MST