Sorry that it wasn't clear. What I meant was that if you hack SQUID to
work with IE (non-RFC compliant browser), then other RFC compliant
browsers such as Firefox and Mozilla will go slow through SQUID.
However, IE will perform quickly with SQUID when these have been
applied. Basically, to make one thing work, you have to break another,
but if you are using IE6 only, the other browsers wouldn't matter.
You may try running an "unhacked" SQUID box and setting your IE6 under
Tools/Options/Advanced to "Use HTTP 1.1 through proxy connections."
This setting is under "HTTP 1.1." It is supposed to make IE6 RFC
compliant, but I have had mixed results using it.
Hope this helps,
Wayne
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m (at) subway (dot) com [email concealed]]
Sent: Sunday, January 09, 2005 8:41 PM
To: Gillo, Wayne; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: suggestions for proxy server to run on w2003 box..
Unfortunately we have to use IE6 as we have citrix apps which will not
run
under mozilla etc.
I might be a bit dense here but you said:
>> but since IE is not RFC compliant, it runs
slow using SQUID. There are hacks that you can do to make it perform
better, but then RFC compliant browsers run slowly...
So are you saying that both RFC compliant and NON-RFC compliant browsers
run
slow using Squid?
Thanks for the suggestions though--I'd heard a few good things about
wingate
and as we probably won't get past 50 in the office ever I may check it
out.
Murad
-----Original Message-----
From: Gillo, Wayne [mailto:wayne.gillo (at) dc3 (dot) mil [email concealed]]
Sent: Saturday, January 08, 2005 5:42 AM
To: Murad Talukdar; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: suggestions for proxy server to run on w2003 box..
Murad,
It depends on what browser you are planning to use. SQUID is an
excellent and free solution, but since IE is not RFC compliant, it runs
slow using SQUID. There are hacks that you can do to make it perform
better, but then RFC compliant browsers run slowly...
If you are entirely in a Microsoft environment, ISA works fine, but does
cost a bit ($1500 for ISA plus Windows to run it on). It will at least
work efficiently with IE as well as other browsers.
Wingate <http://www.wingate.com/product-wingate.php> is also an
excellent solution to look into. It's good for smaller environments and
you can download a trial version (30 days) to see if it fits your needs.
If you have a low count of users, it is more cost effective than ISA,
but can quickly escalate to be more expensive in a larger environment.
You could also look into an appliance with a built-in firewall/proxy
server such as the Borderware Firewall Server
<http://www.borderware.com/products/bfs/>. I have no idea what they
cost, but they have received the Common Criteria EAL4+ Certification.
Here's their spiel:
The First Certified Secure Firewall
For more than ten years, the BorderWare Firewall Server has secured
thousands of organizations around the globe. A Certified Secure
solution, the BorderWare Firewall Server was the first firewall to
achieve Common Criteria EAL 4+ certification. It is designed to secure
your company from network level threats and attacks that come from the
internet.
Powerful & Flexible Control
Based on S-Core(tm) OS, a hardened operating system, the Firewall Server
secures your organization with hybrid proxy technology, offering
powerful and flexible control over all inbound and outbound network
traffic.
Easy To Use
The BorderWare Firewall Server is easy to use, and has built-in logic to
protect organizations against mis-configuration - a common source of
security vulnerabilities. At the same time, the Firewall Server provides
maximum flexibility for the most stringent requirements.
Regards,
Wayne
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m (at) subway (dot) com [email concealed]]
Sent: Thursday, January 06, 2005 10:22 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: suggestions for proxy server to run on w2003 box..
Hi, I was hoping I could get some suggestions as to what kind of proxy
server would be best to use to control access (as well as be used as
proxy
server) for sharing a 2Mb connection. We have a LAN with 30-40 users and
need to control 10-15 of them to the point of only allowing certain
sites.
I was thinking of loading it onto a W2003 box.
I was thinking ISA but not sure if I can convince bean counters of the
benefit.
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
Sorry that it wasn't clear. What I meant was that if you hack SQUID to
work with IE (non-RFC compliant browser), then other RFC compliant
browsers such as Firefox and Mozilla will go slow through SQUID.
However, IE will perform quickly with SQUID when these have been
applied. Basically, to make one thing work, you have to break another,
but if you are using IE6 only, the other browsers wouldn't matter.
You may try running an "unhacked" SQUID box and setting your IE6 under
Tools/Options/Advanced to "Use HTTP 1.1 through proxy connections."
This setting is under "HTTP 1.1." It is supposed to make IE6 RFC
compliant, but I have had mixed results using it.
Hope this helps,
Wayne
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m (at) subway (dot) com [email concealed]]
Sent: Sunday, January 09, 2005 8:41 PM
To: Gillo, Wayne; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: suggestions for proxy server to run on w2003 box..
Unfortunately we have to use IE6 as we have citrix apps which will not
run
under mozilla etc.
I might be a bit dense here but you said:
>> but since IE is not RFC compliant, it runs
slow using SQUID. There are hacks that you can do to make it perform
better, but then RFC compliant browsers run slowly...
So are you saying that both RFC compliant and NON-RFC compliant browsers
run
slow using Squid?
Thanks for the suggestions though--I'd heard a few good things about
wingate
and as we probably won't get past 50 in the office ever I may check it
out.
Murad
-----Original Message-----
From: Gillo, Wayne [mailto:wayne.gillo (at) dc3 (dot) mil [email concealed]]
Sent: Saturday, January 08, 2005 5:42 AM
To: Murad Talukdar; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: suggestions for proxy server to run on w2003 box..
Murad,
It depends on what browser you are planning to use. SQUID is an
excellent and free solution, but since IE is not RFC compliant, it runs
slow using SQUID. There are hacks that you can do to make it perform
better, but then RFC compliant browsers run slowly...
If you are entirely in a Microsoft environment, ISA works fine, but does
cost a bit ($1500 for ISA plus Windows to run it on). It will at least
work efficiently with IE as well as other browsers.
Wingate <http://www.wingate.com/product-wingate.php> is also an
excellent solution to look into. It's good for smaller environments and
you can download a trial version (30 days) to see if it fits your needs.
If you have a low count of users, it is more cost effective than ISA,
but can quickly escalate to be more expensive in a larger environment.
You could also look into an appliance with a built-in firewall/proxy
server such as the Borderware Firewall Server
<http://www.borderware.com/products/bfs/>. I have no idea what they
cost, but they have received the Common Criteria EAL4+ Certification.
Here's their spiel:
The First Certified Secure Firewall
For more than ten years, the BorderWare Firewall Server has secured
thousands of organizations around the globe. A Certified Secure
solution, the BorderWare Firewall Server was the first firewall to
achieve Common Criteria EAL 4+ certification. It is designed to secure
your company from network level threats and attacks that come from the
internet.
Powerful & Flexible Control
Based on S-Core(tm) OS, a hardened operating system, the Firewall Server
secures your organization with hybrid proxy technology, offering
powerful and flexible control over all inbound and outbound network
traffic.
Easy To Use
The BorderWare Firewall Server is easy to use, and has built-in logic to
protect organizations against mis-configuration - a common source of
security vulnerabilities. At the same time, the Firewall Server provides
maximum flexibility for the most stringent requirements.
Regards,
Wayne
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m (at) subway (dot) com [email concealed]]
Sent: Thursday, January 06, 2005 10:22 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: suggestions for proxy server to run on w2003 box..
Hi, I was hoping I could get some suggestions as to what kind of proxy
server would be best to use to control access (as well as be used as
proxy
server) for sharing a 2Mb connection. We have a LAN with 30-40 users and
need to control 10-15 of them to the point of only allowing certain
sites.
I was thinking of loading it onto a W2003 box.
I was thinking ISA but not sure if I can convince bean counters of the
benefit.
Thanks
Kind Regards
Murad Talukdar
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]