Jeff Peng wrote:
On Mon, 2010-02-08 at 22:14 -0300, Alejandro Facultad wrote:
Dear all, I have a webmail which must be accessed by users from another
network.
The content of the webmail is not static obviously, so the content caching
is not an advantage here. Also the webmail is just one server, so load
balancing is not important here.
So is there any security advantage of using a Squid as a reverse proxy in
front of my webmail??? Because I can't see any security benefit...
DDoS reduction? Squid raises your server traffic threshold for DDoS
attack before it falls over by several orders of magnitude.
Then there is the source security controls Jeff points out below.
At some points you can consider Squid as an application firewall, and
setup some rules like:
acl badip src 192.168.0.100
http_access deny badip
acl badsite referer_regex -i qq.com
http_access deny badsite
acl badconn maxconn 20
http_access deny badconn
acl badbrow browser -i Sosospider
http_access deny badbrow
Those may help improve some security, but it depends...
Squid is just a cache, if you don't need the cache feature, you may not
want to use it.
"just a cache" ha!
It's a general-use HTTP proxy. Doing load balancing, full set of CDN
features for HTTP-as-service, HTTP flow redirection/reflection,
bandwidth shaping, caching, HTTP security, and protocol conversion.
I'm sure I've left off a bunch of things too.
But yes, I see the point, Squid might not be _that_ beneficial for a
single load-critical non-cachable app.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
Current Beta Squid 3.1.0.16
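
The ACLs quoted in the thread, placed in a reverse-proxy (accelerator) configuration for a single non-cached origin. This is an added example, not part of the original messages; the hostname `webmail.example.com`, the origin address `192.0.2.10`, the peer name `webmail` and the ACL name `webmail_site` are placeholder assumptions, and plain HTTP on port 80 is assumed.

```squidconf
# Added example. Hostname, origin address and peer name are placeholders.

# Accept requests as an accelerator (reverse proxy) for the published site.
http_port 80 accel defaultsite=webmail.example.com

# The single origin server: no ICP queries, treated as an origin, not a proxy.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=webmail

# Webmail responses are dynamic and per-user: never store them.
cache deny all

# ACL definitions from the thread.
acl badip   src 192.168.0.100
acl badsite referer_regex -i qq.com
# maxconn matches when one client IP holds more than 20 connections;
# it relies on client_db being on (the default).
acl badconn maxconn 20
acl badbrow browser -i Sosospider

# Only the published hostname is eligible to be served.
acl webmail_site dstdomain webmail.example.com

# http_access is evaluated top to bottom and the first matching line wins,
# so every deny must appear before the allow.
http_access deny badip
http_access deny badsite
http_access deny badconn
http_access deny badbrow
http_access allow webmail_site
http_access deny all

# Forward to the origin only what passed the checks above.
cache_peer_access webmail allow webmail_site
cache_peer_access webmail deny all
```

The `referer_regex` and `browser` ACLs match on client-supplied headers, so they filter well-behaved crawlers and casual hotlinking only; the `src` and `maxconn` rules are the ones that hold against a client that forges its headers.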