[Nottingham] apache or squid for proxying?
Jim Moore
jmthelostpacket at googlemail.com
Wed Oct 14 23:38:59 UTC 2009
Martin wrote:
> Martin wrote:
>
>> Mike Cardwell wrote:
>>
>>> Mike Cardwell wrote:
>>>
>>>
>>>>> The difference is this. A java applet can only make a straight tcp
>>>>> socket connection to the web server it came from, to prevent obvious
>>>>> abuse vectors.
>>>>>
>>>>> If you have a transparent web proxy, it can connect to any web server it
>>>>> chooses.
>>>>>
>>>> Here's a description of the issue: https://www.kb.cert.org/vuls/id/435052
>>>>
>
> Crazy thought... Would a transparent proxy that then works through a
> non-transparent proxy defeat that exploit?
>
> PCs -- (lan) --> transparent proxy ----> proxy (& gateway) ----> internet
>
> You then still get the advantage of not having to change any settings on
> the PCs already set up on an internal network.
>
> Cheers,
> Martin
>
>
strikes me as a nine-lever deadlock on a four inch thick door, with the
key under the mat.
The gateway would need to be open to any port the transparent proxy
requires. The hole is still there.
--
Are more people violently opposed to wearing fur than leather because it's easier to harass rich women than motorcycle gangs?
More information about the Nottingham
mailing list