[Nottingham] apache or squid for proxying?

Martin martin at ml1.co.uk
Wed Oct 14 16:58:47 UTC 2009


Mike Cardwell wrote:
[---]
> I don't know. Do any ISPs use transparent web proxies anymore?

(transparent) proxy != web cache somewhere on ISP network?


Is this no longer used:

http://homepage.ntlworld.com/robin.d.h.walker/cmtips/trancache.html#ntl


Or what do ISPs do to cache often hit sites outside of their network? Or 
don't they?

?


>> Wouldn't a simple firewall rule to block direct connects to the proxy IP 
>> address thwart such maliciousness?
> 
> That's the thing. The java app isn't making a direct connection to the 
> proxy IP. It is making a direct connection to the only IP it is allowed 
> to, the IP of the web server it came from. It is the fact that a 
> transparent proxy intercepts that connection which is what causes the hole.

OK, so:

rogue website ---- proxy ---- home PC

and so the java script running on the home PC uses that home PC as a 
proxy for the rogue website to do further nasties to the rest of the 
world anonymously... OK, but how is that any different for whether the 
proxy is there or not?

Or is that just an example of something the proxy /cannot/ protect against?


Cheers,
Martin

-- 
----------------
Martin Lomas
martin at ml1.co.uk
----------------


