W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

RE: MOD - What is a Firewall?

From: Josh Cohen <joshco@microsoft.com>
Date: Fri, 5 Jun 1998 21:38:00 -0700
Message-Id: <8B57882C41A0D1118F7100805F9F68B503E2BA35@red-msg-45.dns.microsoft.com>
To: Carl-Uno Manros <carl@manros.com>, http-wg@cuckoo.hpl.hp.com


> -----Original Message-----
> From: Carl-Uno Manros [mailto:carl@manros.com]
> Sent: Friday, June 05, 1998 11:51 AM
> To: http-wg@cuckoo.hpl.hp.com
> Subject: MOD - What is a Firewall?
> 
> 
> 1) Host address    TCP/IP address
> 2) Port number     Default 80 for HTTP
> 3) Protocol        "http" for HTTP
> 4) Method          POST etc. for HTTP
> 5) Content         HTML etc.
> 
Lets add a level, so its:

 1) Host address    TCP/IP address
 2) Port number     Default 80 for HTTP
 3) Protocol        "http" for HTTP
 4) Method          POST etc. for HTTP
 5) Content-type       text/HTML etc.
 6) content body filtering (Firewall/proxy attempts to parse the IPP body)

I wasnt sure if you meant for 5 to be my 5 or 6.
Its much easier to filter by the http header content-type: than
to parse the body and try to filter that way, although both can
technically be done.

Some proxies can filter the body content, it can, for example,
strip unwanted HTML tags like embedded scripts or Java references.
Though it is possible in these products, the task of parsing
the bodies is such a performance hit, virtually no one uses it
and proxy implementors tend to stick to the guideline that proxies
do not parse the entity-body in HTTP.
(At least the implementors I worked with)
Received on Friday, 5 June 1998 21:39:43 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:18 EDT