Bernie,
> I'd like to use Squid for filtering java applets.
>
> Any idea how to realise it?
>
> Yes, Squid is a proxy cache, not a police man, but maybe someone knows
> an add-on or an http proxy specialized for java applet filtering could
> be contacted upwards.
One way of achieving this is to use Trusted Information Systems' Firewall
Toolkit (FWTK) - it's rather old but does the job !!!
For information on downloading the toolkit, etc. see:
http://www.fwtk.org/fwtk/download/downloading.html#1.1
You will need to ensure that you check through the list of patches and
definitely install this one (otherwise you WILL encounter the javascript
quoting bug):
http://www.fwtk.org/fwtk/patches/patches.html#1.1
You will then need to set the http-gw as squid's parent and tell the
http-gw what to filter - javascript / java / activeX.
You will have to add something similar to the following to the
netperm-table file:
http-gw: permit-hosts 127.0.0.1 -nojava -noactivex
We are successfully using this to block both activeX and java applets.
Any sites that we trust go into squid's always_direct allow list.
Hope this helps.
Neil.
-- Neil Hillard hillardn@whl.co.uk Westland Helicopters Ltd. http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd.Received on Thu Jul 10 2003 - 07:07:05 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:54 MST