From owner-freebsd-hackers  Sun Feb 19 19:18:26 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id TAA26620 for hackers-outgoing; Sun, 19 Feb 1995 19:18:26 -0800
Received: from moondance.np.ac.sg (moondance.np.ac.sg [153.20.24.69]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id TAA26598 for <hackers@freebsd.org>; Sun, 19 Feb 1995 19:18:03 -0800
Received: (from uucp@localhost) by moondance.np.ac.sg (8.6.9/8.6.9) id LAA19238 for <hackers%freebsd.org@mhub>; Mon, 20 Feb 1995 11:03:46 +0800
Message-Id: <199502200303.LAA19238@moondance.np.ac.sg>
Received: from titan.np.ac.sg(153.20.24.72) by moondance.np.ac.sg via smap (V1.3)
	id sma019223; Mon Feb 20 11:03:20 1995
Subject: Re: NCSA Httpd 1.3 for FBSD 1.1.5.1?
To: terry@cs.weber.edu (Terry Lambert)
Date: Mon, 20 Feb 1995 09:11:24 +0800 (SST)
From: SysAdmin - Ng Pheng Siong <lsys@np.ac.sg>
Cc: hackers@FreeBSD.org
In-Reply-To: <9502171720.AA19610@cs.weber.edu> from "Terry Lambert" at Feb 17, 95 10:20:41 am
X-Mailer: ELM [version 2.4 PL21]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Content-Length: 1156
Sender: hackers-owner@FreeBSD.org
Precedence: bulk


> Someone should note (so I will) that proxy use of the CERN httpd is
> very different than using it as a server itself.  Not that you can't
> do both, but I think maybe you can't do both with the same instance.

Yes, you can. I'm doing it right now.

BTW, there has been some concern regarding the security of CERN's bulky 
common library code, wrt running it on a firewall. Some one at Boulder 
is working on a simpler caching proxy. Can't recall off-hand, but I can dig 
the reference up if anyone cares.


> One typical proxy configuration is use of the 'term' socket tunneling
> across a link, since NetScape is not source recompilable for 'term'
> support.

On a LAN, Socks is preferred. 


> The typical recommended usage is on a firewall machine where outgoing
> connections are not allowed (perhaps without the knowledge that you
> can filter incoming packets without the response bit to allow outgoing
> connections without allowing incoming ones?).

Not all routers do that. Not everyone has control of their "outer" router(s).

Cheers.

- PS
-- 
Ng Pheng Siong * lsys@np.ac.sg * ngps@np.ac.sg 
Computer Centre, Ngee Ann Polytechnic, Singapore