zillah
June 8th, 2006, 05:32 AM
I have got this scenario from Forouzan Book "Data Communications and Networking" 3ed
http://highered.mcgraw-hill.com/sites/0072515848/
student_view0/chapter31/powerpoint_slides.html
He says in page 851 :
"When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server (I said it is the HTTP proxy )opens the packet at the application level and finds out if the request is ligitimate. If it is, the server acts as a client process and sends the message to the real server (I said it is the HTTP Sever) in the corporation. If it is not, the message is dropped and an error message is sent to the external user. Figure 31.11 shows a proxy firewall implementation".
http://img234.imageshack.us/img234/1307/proxyfirewallforouzanch310bc.jpg
http://img234.imageshack.us/img234/1307/proxyfirewallforouzanch310bc.th.jpg (http://img234.imageshack.us/my.php?image=proxyfirewallforouzanch310bc.jpg)
If the "proxy firewall" device by itself can filter (check ) a packet by investigating the application layer for the packet , why do I need to send the packet to the HTTP proxy ?
http://highered.mcgraw-hill.com/sites/0072515848/
student_view0/chapter31/powerpoint_slides.html
He says in page 851 :
"When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server (I said it is the HTTP proxy )opens the packet at the application level and finds out if the request is ligitimate. If it is, the server acts as a client process and sends the message to the real server (I said it is the HTTP Sever) in the corporation. If it is not, the message is dropped and an error message is sent to the external user. Figure 31.11 shows a proxy firewall implementation".
http://img234.imageshack.us/img234/1307/proxyfirewallforouzanch310bc.jpg
http://img234.imageshack.us/img234/1307/proxyfirewallforouzanch310bc.th.jpg (http://img234.imageshack.us/my.php?image=proxyfirewallforouzanch310bc.jpg)
If the "proxy firewall" device by itself can filter (check ) a packet by investigating the application layer for the packet , why do I need to send the packet to the HTTP proxy ?