From owner-freebsd-questions@FreeBSD.ORG Mon Jun 2 14:58:00 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9CB0C1065676 for ; Mon, 2 Jun 2008 14:58:00 +0000 (UTC) (envelope-from david.robillard@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.226]) by mx1.freebsd.org (Postfix) with ESMTP id 866528FC35 for ; Mon, 2 Jun 2008 14:58:00 +0000 (UTC) (envelope-from david.robillard@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so1096389rvf.43 for ; Mon, 02 Jun 2008 07:58:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; bh=dwALtdIJ/ucnScPnA10lK2p25vl/rWdTKdNIgIfZmJg=; b=PsIkpyH/bybiV1Im7Zj3ebatIQrSvsbBo6D54jb8ctZiOi9dsmObPKBkmB9NT2FEG0ORTCyOlagXwj6MxRISX7eKC2sJZLFCEE5WxT8AJqvIrrgr8UzVfBJU5nqDoAMCLuaxdDHPpUtEmLOjqnNyzkH9ZJEGlf0fv9wS+R249dg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=ZOQGGPB82HX76NrmiVehlGmCeAaz+B/KYg1PPruFWPCtViiZNPiiufKj+JS2TMxBdtDy22B73Olamyi8cfbboToyPJ2LM1p8Y294kQsCMzXQ+/EdkounnHc0U6lqeezJnSdbm5NepvwrsesYG6TfD3TzTw26sgdBRQwC9ZqzsNg= Received: by 10.141.68.5 with SMTP id v5mr4986665rvk.179.1212418679247; Mon, 02 Jun 2008 07:57:59 -0700 (PDT) Received: by 10.141.19.8 with HTTP; Mon, 2 Jun 2008 07:57:59 -0700 (PDT) Message-ID: <226ae0c60806020757w1e3c23f6v2b1a7792d196376d@mail.gmail.com> Date: Mon, 2 Jun 2008 10:57:59 -0400 From: "David Robillard" To: "Thomas Mullins" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: FreeBSD Questions Subject: Re: Reverse proxy recommendation X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jun 2008 14:58:00 -0000 On Sat, 2008-05-31 at 10:26 -0400, Thomas Mullins wrote: > Hello, > > We have three internal web servers that we make accessible to the > internet. Right now we simply use pf and port redirection. Works > great. > > But, we would like to tighten up security. I know you can do this with > squid, apache and a few others. Could someone please make a > recommendation on what solutions they have used or seen in the past? > > Thanks > Shane You may want to check the www/varnish port. From the ports description: This is the Varnish high-performance HTTP accelerator. Documentation and additional information about Varnish is available on . Technical questions about Varnish and this release should be addressed to . Questions about commercial support and services related to Varnish should be addressed to . WWW: http://www.varnish-cache.org/ And from wikipedia: http://en.wikipedia.org/wiki/Varnish_cache I've never used it myself, but looks interesting since it's been created by Poul-Henning Kamp which is a major FreeBSD developer. HTH, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122