Security World: firewall-wizards digest, Vol 1 #1647

Friday, August 12, 2005

firewall-wizards digest, Vol 1 #1647 - 6 msgs

Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com

You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."

Today's Topics:

1. Re: Filtering proxy for HTTP POST requests (Brenno Hiemstra)
2. Re: Filtering proxy for HTTP POST requests (Franchet Cyrille)
3. Cyberguard Firewall Throughput (Engwer, Sharon A)
4. Re: Filtering proxy for HTTP POST requests (Thomas Pollet)
5. RE: Filtering proxy for HTTP POST requests (Paul Melson)
6. Arch questions (Mike LeBlanc)

--__--__--

Message: 1
Date: Wed, 10 Aug 2005 16:20:32 +0200
From: Brenno Hiemstra <brenno.hiemstra@gmail.com>
To: Devdas Bhagat <devdas@dvb.homelinux.org>,
firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Filtering proxy for HTTP POST requests

One solution pops into my mind: Squid together with Dansguardian.
I dunno if it can do all the things you desire but its worth the look.

more information:

- http://www.squid-cache.org
- http://dansguardian.org

Google has a lot of information as well.
Good luck !

Brenno.

On 8/8/05, Devdas Bhagat <devdas@dvb.homelinux.org> wrote:
> Does anyone have suggestions/recommendations for a HTTP proxy (cheap/free=
)
> which can filter based on content. Preferably something capable of
> Bayesian analysis of content? It needs to work in ISP environments, so
> transparent proxy support would be ideal.
>=20
> Traffic to be filtered is outbound from the browser to the server.
>=20
> Thanks
> Devdas Bhagat
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>

--__--__--

Message: 2
Date: Wed, 10 Aug 2005 16:32:38 +0200
From: Franchet Cyrille <cyrille.franchet@gmail.com>
To: Devdas Bhagat <devdas@dvb.homelinux.org>,
firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Filtering proxy for HTTP POST requests

Hi,

IMHO, you should look at mod_security with Apache. This module can
analysis POST data like you want to do :

www.modsecurity.org

Another product is sProxy by Deny All (a french society :
www.denyall.com) but it isn't free ...

Bye.

--=20
Cyrille Franchet

--__--__--

Message: 3
Date: Wed, 10 Aug 2005 19:17:39 -0500
From: "Engwer, Sharon A" <sharon.a.engwer@boeing.com>
To: <firewall-wizards@honor.icsalabs.com>
Subject: [fw-wiz] Cyberguard Firewall Throughput

Hi,

Does anyone have any experience with Cyberguard firewalls? We are
currently testing the Cyberguard firewalls and have noticed throughput
issues when transferring large files through the firewalls over a WAN
links.

Thanks for the help.

Sharon Engwer

--__--__--

Message: 4
Date: Thu, 11 Aug 2005 14:13:38 +0200
From: Thomas Pollet <thomas.pollet@gmail.com>
To: Devdas Bhagat <devdas@dvb.homelinux.org>,
firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Filtering proxy for HTTP POST requests

you could try snort inline with your custom ruleset

Greets,
Thomas

--__--__--

Message: 5
From: "Paul Melson" <pmelson@gmail.com>
To: "'Devdas Bhagat'" <devdas@dvb.homelinux.org>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] Filtering proxy for HTTP POST requests
Date: Thu, 11 Aug 2005 09:23:21 -0400

Squid (http://www.squid-cache.org/) will filter based on HTTP methods, as
well as lots of other things. Remember, though, that filtering on HTTP
methods like POST or HEAD is nearly useless if you don't deny the CONNECT
method.

PaulM

-----Original Message-----
Subject: [fw-wiz] Filtering proxy for HTTP POST requests

Does anyone have suggestions/recommendations for a HTTP proxy (cheap/free)
which can filter based on content. Preferably something capable of Bayesian
analysis of content? It needs to work in ISP environments, so transparent
proxy support would be ideal.

Traffic to be filtered is outbound from the browser to the server.

--__--__--

Message: 6
From: "Mike LeBlanc" <mlinfosec@comcast.net>
To: <firewall-wizards@honor.icsalabs.com>
Date: Thu, 11 Aug 2005 16:07:50 -0400
Subject: [fw-wiz] Arch questions

All,
I am currently planning a move (bring an oursourced hosting overseas to the
US). The basics are as follows

inet rtr -->segment-->fw--->BIG IP--->IPS---->web

The questions I have are:
1/ Someone has recently mentioned the idea of using private adressing
bewteen the inet rtr and the firewall, with
public adressing on the web. What are the pros and cons?

2/ I was under the impression that we used NAT to "hide" the webserver for
protection (obsfucation) as well as
the fw rules to protect it. Comments?

3/ My research shows I need to have specfic certs (Apache and one other) for
*each* webserver behind the Big IP.
Anyone have any experience with F5 Big ip 1500s?

Thanks in advance,
-ml

--__--__--

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

End of firewall-wizards Digest

Security World

Search This Blog

Friday, August 12, 2005

firewall-wizards digest, Vol 1 #1647 - 6 msgs

No comments: