IPP> RE: MOD - What is a Firewall?

IPP> RE: MOD - What is a Firewall?

Josh Cohen joshco at microsoft.com
Tue Jun 9 15:07:19 EDT 1998


> 
> What I intended at 5), was that the first few bytes of the content 
> is read, which in most cases is enough to determine the kind of
> content that follows. It would be a really bad idea to try to read the
> WHOLE content.
> 
I agree, reading the whole content is 'bad', but
it is being done today.  (tag filtering)
So, I think its important to distinguish filtering
by content-type (the header) and entity body
based filtering (like tag filtering).


Content-type filtering doesnt necessarily imply
parsing the body, but could include the sniffing
of the first few bytes.  Sounds like the way unix
does things with /etc/magic.


The final part, tag filtering, is when the proxy
parses and presumably understands the content type.
So, a proxy might see text/html, then invoke
an html parser to complete the filtering.
This very expensive and likely to be resisted
by admins, however it is being used today in certain
cases where it is justified.



More information about the Ipp mailing list