- From: Josh Cohen <joshco@microsoft.com>
- Date: Fri, 5 Jun 1998 21:38:00 -0700
- To: Carl-Uno Manros <carl@manros.com>, http-wg@cuckoo.hpl.hp.com
> -----Original Message----- > From: Carl-Uno Manros [mailto:carl@manros.com] > Sent: Friday, June 05, 1998 11:51 AM > To: http-wg@cuckoo.hpl.hp.com > Subject: MOD - What is a Firewall? > > > 1) Host address TCP/IP address > 2) Port number Default 80 for HTTP > 3) Protocol "http" for HTTP > 4) Method POST etc. for HTTP > 5) Content HTML etc. > Lets add a level, so its: 1) Host address TCP/IP address 2) Port number Default 80 for HTTP 3) Protocol "http" for HTTP 4) Method POST etc. for HTTP 5) Content-type text/HTML etc. 6) content body filtering (Firewall/proxy attempts to parse the IPP body) I wasnt sure if you meant for 5 to be my 5 or 6. Its much easier to filter by the http header content-type: than to parse the body and try to filter that way, although both can technically be done. Some proxies can filter the body content, it can, for example, strip unwanted HTML tags like embedded scripts or Java references. Though it is possible in these products, the task of parsing the bodies is such a performance hit, virtually no one uses it and proxy implementors tend to stick to the guideline that proxies do not parse the entity-body in HTTP. (At least the implementors I worked with)
Received on Friday, 5 June 1998 21:39:43 UTC