> Most sites that require the use of a proxy would not need anything more
> than the ability to specify a proxy for a particular protocol, plus a
> domain or domains to not proxy. I need specific examples if this doesn't
> work for your site so we can understand your needs.
Kevin, Thanks for your reply (and the new mechanism!)
If it allows for domains (plural: we use internal servers across several
different domains) they yes, it would fit _my_ site's needs.
> Actually, the proxy scheme is intended to be a complete replacement for
> SOCKS in the case of Web clients (reliance on HTTP), while SOCKS can
> continue to work for telnet and special ftp clients. There are numerous
> reasons for the SOCKS replacement, but I don't want to drag all of the
> reasons out on this list.
I'd be genuinely interested in them. You see, for me an advantage of
using SOCKS for all services is that it does give a unity of access
control and configuration. Adding further mechanisms for particular
protocols adds overheads in this respect and requires additional software
on a firewall host, where one wants as little as possible. Let people
choose SOCKS if they want.
Mind you, they can: After quick experiment, I found that if I SOCKSize a
CERN httpd, and direct the debug Win-Mosaic's proxy requests at that, I
can use my existing SOCKS transport well enough. (Nasty, eh? :-)
I.
(Tentative question: Have you thought of the `Firewalls' mailing list for
canvassing further, non-WWW opinion?)