EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: Papoux on Wednesday 11 June 2008, 11:47:11 pm



Title: Transparent HTTP PROXY on ORANGE (DMZ)
Post by: Papoux on Wednesday 11 June 2008, 11:47:11 pm
Hi everybody,

I'm using EFW 2.2RC1.

Initially, I enabled transparent HTTP Proxy on GREEN, BLUE and ORANGE interfaces.
I activated it on ORANGE interface with the intention to secure my WEB server located on the DMZ.

I noticed that the Memory cache consumption was constantly increasing during the day and the bandwidth consumption increased on the RED interface only without corresponding increase on all other interfaces.  The IDS was reporting all sort of attacks against my WEB server and, that's what make me suspect that the HTTP Proxy might be trying to cache stuff from the Internet...  I was unable to access the HTTP cache log web page (probably too many items were cached and the script that generates the page simply timeout).

I deactivated the HTTP Proxy on the ORANGE interface, and the system now works properly and the proxy, memory consumption and traffic load are normal.

Question:
------------
How can I configure the proxy to protect my WEB server on the ORANGE (DMZ) interface without caching elements from or to this network?  I want simple coherency check and validation of authorized mime types on the ORANGE interface. On GREEN and BLUE, I want transparent HTTP Proxy with WEB caching.

Thanks,

Papoux ;-)