Filter for a PM2 (fwd)

MegaZone (megazone@livingston.com)
Wed, 13 Nov 1996 21:12:18 -0800 (PST)

Once upon a time Christian Gatti shaped the electrons to say...
>to make their HTTP (port 80) traffic over this proxy server and not directly
>to the internet. Let's say the proxy's server address is 199.199.199.10
>
>But all the other internet services such as IRC, REALAUDIO, gopher, Telnet,
>Rlogin, whois, NNTP etc... should be allowed to directly access the internet.
>
>We plan to force only the HTTP traffic over the proxy as this is the only one
>which is cached on the proxy server.
>
>Do I need to restrict HTTP traffic to the proxy server only and then
>explicitly allow ALL other services (such as IRC, NNTP etc..) in the filter?

What you want is probably impossible in reality. Keep in mind I can
run httpd on *any* port. Even port 23, so if you allow telnet someone may
be able to do http too.

But you can block socket 80 on all but your proxy, then globally permit
the rest, and that will account for most traffic.

-MZ

--
Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-426-0770 FAX: 510-426-8951 megazone@livingston.com
For support requests: support@livingston.com  <http://www.livingston.com/> 
Snail mail: 6920 Koll Center Parkway  #220, Pleasanton, CA 94566
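
The rule order suggested in the reply above, modelled as a first-match filter (an added example, not part of the original message and not PortMaster filter syntax). It assumes the filter is applied to the dial-in users' outbound TCP packets, that the proxy accepts client connections on port 80, and that unmatched packets are denied; the rule layout, function names and sample flows are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

PROXY = "199.199.199.10"  # proxy address given in the question

class Rule(NamedTuple):
    action: str               # "permit" or "deny"
    dst_net: str              # destination network, CIDR notation
    dst_port: Optional[int]   # None matches any TCP destination port

# First match wins, so the proxy exception must come before the port 80 block.
RULES = [
    Rule("permit", PROXY + "/32", 80),   # HTTP to the proxy only
    Rule("deny", "0.0.0.0/0", 80),       # port 80 to anything else
    Rule("permit", "0.0.0.0/0", None),   # globally permit the rest
]

def evaluate(dst_ip, dst_port, rules=RULES):
    """Return (action, rule_number); (deny, 0) is the assumed implicit deny."""
    addr = ipaddress.ip_address(dst_ip)
    for number, rule in enumerate(rules, start=1):
        in_net = addr in ipaddress.ip_network(rule.dst_net)
        if in_net and rule.dst_port in (None, dst_port):
            return rule.action, number
    return "deny", 0

def audit(flows, rules=RULES):
    """Flows carrying HTTP to a non-proxy host that the filter still permits."""
    return [f for f in flows
            if f["proto"] == "http" and f["dst"] != PROXY
            and evaluate(f["dst"], f["port"], rules)[0] == "permit"]

# Constructed sample flows; 192.0.2.20 is a documentation address.
FLOWS = [
    {"dst": PROXY, "port": 80, "proto": "http"},
    {"dst": "192.0.2.20", "port": 80, "proto": "http"},
    {"dst": "192.0.2.20", "port": 6667, "proto": "irc"},
    {"dst": "192.0.2.20", "port": 23, "proto": "http"},  # httpd on the telnet port
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(flow["dst"], flow["port"]))
    print("HTTP that bypasses the proxy:", audit(FLOWS))
```

The audit result is the gap the reply describes: a port-number filter only sees the destination port, so HTTP served on a permitted port passes unless the proxy or an application-layer control inspects the traffic itself.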