Re: Squid acl access - neighbours & parents..

From: Edward Henigin <[email protected]>
Date: Thu, 5 Sep 1996 15:45:57 -0500 (CDT)

        you've got to be cracked.

        what current software systems do you know of that are that wide
open? innd? ircd? telnet? BGP? ospf?

        oh -- you run a web server, and you want to restrict access
to some parts of the web server. Are you going to suggest to netscape
that they remove acl from their web server, so your machine runs
faster, and you're just going to put packet level filtering on
the routers.

        Sorry, but what you're suggesting is nothing short of
an administration nightmare.

        consider, also, the case where there is no router in between
the client and the proxy host. How do you intend to implement
security there?

        router cpus are *far* more expensive than workstation
cpus. Just what exactly do you hope to gain?

        just my $0.02, you don't know what you're talking about.

        Ed

--
On Thu, 5 Sep 1996, Andrew Stesin wrote:
> 
> 	Just my $0.02...
> 
> 	I think it's way better to use packet filtering on the external
> 	router to do this, than overbloat Squid with the
> 	functionality not belonging to it.  Even more --
> 	all the source-IP-address-beased acl functionality
> 	might (should?) be done this way.
> 
Received on Thu Sep 05 1996 - 13:48:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:56 MST