RE: [fw-wiz] Question on web proxy architecture

From: "Paul Melson" <pmelson@xxxxxxxxx>
Date: Tue, 21 Feb 2006 09:51:20 -0500

-----Original Message-----
Subject: RE: [fw-wiz] Question on web proxy architecture

The AV is a separate entity on the same subnet

The AV is forwarded all uncached content from the proxy via the ICAP

protocol.

As i understand it, the AV just responds to the proxy not the client.

This sounds like a pretty flexible solution. If both proxies are
single-homed, the web proxy can suffer performance problems since it will
handle each request and response 2 or 3 times on a single interface. If
it's 100TX and the Internet connection is a 1.5Mbps T1, it won't be a
problem, but you get the idea.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Prev by Date: Re: [fw-wiz] parsing logs ultra-fast inline
Next by Date: [fw-wiz] HTTP Proxy stripping actions
Previous by thread: Re: [fw-wiz] parsing logs ultra-fast inline
Next by thread: [fw-wiz] HTTP Proxy stripping actions
Index(es):
- Date
- Thread

Relevant Pages

Re: [fw-wiz] How automate firewall tests
... Really - the majority of applications out there have no real ... layer 7 level proxy so you have to tackle the problem from other ... protocol, just a feature set driven by a bunch of commands ... that packet-oriented firewalls suck is because they're locked ...
(Firewall-Wizards)
Advice on writing an instant messaging proxy
... the next time the user connects to the proxy. ... disconnection to the AIM (or whatever other chat protocol) server, ... client to server as if client was always connected, ...
(comp.programming)
Advice on writing an instant messaging proxy
... the next time the user connects to the proxy. ... disconnection to the AIM (or whatever other chat protocol) server, ... client to server as if client was always connected, ...
(comp.unix.programmer)
RE: [Full-Disclosure] Sidewinder G2 Thanks and a question or two
... >>the HTTP proxy a generic proxy in function. ... >>violation style attacks weren't blocked at all. ... DNS, SQL*Net proxies for protocol violations, overlly long headers ... There are, of course, limitations in the proxies and won't stop all attacks, ...
(Full-Disclosure)
Re: [fw-wiz] i-cap proposals
... POP3 is the insane mail protocol. ... > proxying and scanning the content is much easier with stupid protocols. ... > message which hasn't been scanned is fetched, do a full fetch in the proxy ... If you trigger a scan on a header fetch, ...
(Firewall-Wizards)