How to Build a Firewall
Host Access Rules

Up to this point in the chapter, you have seen how the user interacts with the proxy. Now examine how you can alter the operation of the proxy by applying host access rules. Some of these rules have been examined already, but are important enough to mention again. A host access rule may include optional parameters to further control the session, such as restricting the functions that are allowed. The rules and their parameters are listed in Table 7.13.
Table 7.13 Host Access Rules

Option
    Description

hosts host-pattern [host-pattern ...] [options]
permit-hosts host-pattern [host-pattern ...] [options]
deny-hosts host-pattern [host-pattern ...]
    Rules specify host and access permissions. Typically, a host rule will be in the form of:
        http-gw: deny-hosts unknown
        http-gw: hosts 192.33.112.* 192.94.214.*

-permit function
-permit { function [function ...] }
    Only the specified functions are permitted. Other functions will be denied. If this option is not specified, then all functions are initially permitted.

-deny function
-deny { function [function ...] }
    Specifies a list of Gopher/HTTP functions to deny.

-gopher server
    Makes server the default server for this transaction.

-httpd server
    Makes server the default HTTP server for this transaction. This will be used if the request came in through the HTTP protocol.

-filter function
-filter { function [function ...] }
    Removes the specified functions when rewriting selectors and URLs. This rule does not stop the user from entering selectors that the client will execute locally, but it can be used to remove them from retrieved documents.
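To make the interaction of the host rules with -permit and -deny concrete, the following added example (not from the book and not the proxy's own code) parses rules written in the Table 7.13 syntax and decides whether a client may use a function. It assumes that the first matching rule decides, that a client matching no rule is denied, and that `unknown` means a client with no resolvable name; the function names `dir`, `read`, `write` and `exec` are illustrative.

```python
import fnmatch

# Constructed sample in the Table 7.13 syntax; function names are illustrative.
SAMPLE_RULES = """\
http-gw: deny-hosts unknown
http-gw: hosts 192.33.112.* -deny exec
http-gw: permit-hosts 192.94.214.* -permit { dir read }
"""

def parse_rules(text, proxy="http-gw"):
    """Parse host access rules into (keyword, patterns, options) tuples."""
    rules = []
    for line in text.splitlines():
        name, _, rest = line.partition(":")
        tokens = rest.split()
        if name.strip() != proxy or not tokens:
            continue
        keyword, tokens = tokens[0], tokens[1:]
        if keyword not in ("hosts", "permit-hosts", "deny-hosts"):
            continue
        # Host patterns run up to the first option (a token starting with "-").
        split = next((i for i, t in enumerate(tokens) if t.startswith("-")), len(tokens))
        patterns, rest_tokens, opts, i = tokens[:split], tokens[split:], {}, 0
        while i + 1 < len(rest_tokens):
            opt = rest_tokens[i]
            if rest_tokens[i + 1] == "{":        # braced list: -permit { a b }
                end = rest_tokens.index("}", i + 1)
                opts[opt], i = set(rest_tokens[i + 2:end]), end + 1
            else:                                # single argument: -deny a
                opts[opt], i = {rest_tokens[i + 1]}, i + 2
        rules.append((keyword, patterns, opts))
    return rules

def is_allowed(rules, client_ip, function, client_name=None):
    """Assumed semantics: first matching rule decides; no match means deny."""
    for keyword, patterns, opts in rules:
        for pat in patterns:
            if pat == "unknown":                 # assumed: client has no resolvable name
                hit = client_name is None
            else:
                hit = fnmatch.fnmatchcase(client_ip, pat) or (
                    client_name is not None and fnmatch.fnmatchcase(client_name, pat))
            if not hit:
                continue
            if keyword == "deny-hosts" or function in opts.get("-deny", set()):
                return False
            permit = opts.get("-permit")         # absent: all functions permitted
            return permit is None or function in permit
    return False

RULES = parse_rules(SAMPLE_RULES)
```

Under these assumptions the order of the rules matters: with `deny-hosts unknown` first, a client inside 192.33.112.* that has no resolvable name is refused before the `hosts` rule is ever consulted.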