Specifications
Squid
Squid is an HTTP proxy that offers extensive configuration options. Con-
trol over the network clients’ access to the web is implemented by means of
ACLs (access control lists).
The internal HTTP proxy Squid can be configured to be either transparent or
non-transparent. In non-transparent mode, the protocols http, https, and
ftp are supported. In transparent mode, only http is supported.
More detailed information about Squid can be found in Proxy Server: Squid
on page 167.
httpf, tinyproxy
The application httpf is responsible for content filtering. It is not actually a
proxy. Proxy functionality is supplied by the program tinyproxy.
It is more specifically a filtering proxy that can prevent downloading and ex-
ecuting program code. This is done by forwarding only known and benign
language elements to the web browser. Even the HTTP header entries can be
filtered so that, for instance, no information can be posted to the server via
the client host’s operating system. The configuration can be generated using
FAS on the Adminhost.
FTP Proxy
FTP service is split up into two channels. One is the internal connection to
the outside. The other is the external connection to the inside or DMZ.
Internal to External
Decide which users of the intranet may access FTP servers in the Internet and
via which connections. Normally, the internal FTP proxy remains transparent
— the FTP clients from the internal network are automatically forwarded to
this proxy, which then sends the requests to the FTP server.
Magic User
Enables the user name, the host, and the destination FTP server’s port to
provide (e. g., user@ftp.firma.com:2345) — automatic execution of the
USER command.
Magic Char
Magic char is an option with which the user can specify the destination FTP
server and its port himself.
124 Services on the Firewall