Just wanted to get a heads up here to ensure I'm heading in the right direction.
With firewall rules and default drops, it's fairly easy to say via IP:
HOST A allowed to HOST B
HOST C allowed to HOST D
So in the above instance, the default drop would prevent HOST C from communicating with HOST A, etc.
Now as we move away from the firewall and more towards the web proxy, doing the same would require the same number of rules:
HOST A allowed to HOST B
HOST C allowed to HOST D
Now, imagine if you have 80 servers that are only allowed to access certain sites.
Would you create a GLOBAL site rule, i.e. all servers can talk to xyz sites?
Like so:
Rule 1: SERVER A can talk to ABC sites
Rule 2: SERVER B can talk to DEF sites
Rule 3: GLOBAL Allow sites
Bottom rule: Default DROP rule
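
The rule layout in the post, modelled as an added example (not part of the original post and not any proxy product's configuration). It assumes first-match evaluation, scopes the GLOBAL rule to the known server group rather than to any source, and uses constructed host and site names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset  # hosts the rule applies to
    sites: frozenset    # destination sites the rule allows

def evaluate(rules, source, site):
    """First-match evaluation; falling off the end is the default DROP."""
    for rule in rules:
        if source in rule.sources and site in rule.sites:
            return ("ALLOW", rule.name)
    return ("DROP", "default")

def build_policy(per_server):
    """Turn per-server allowlists into ordered rules.

    Sites needed by every server are factored into one GLOBAL rule that is
    still limited to the server group, so an unlisted host gets nothing.
    """
    if not per_server:
        return []
    servers = frozenset(per_server)
    common = frozenset.intersection(*(frozenset(s) for s in per_server.values()))
    rules = []
    for server in sorted(per_server):
        extra = frozenset(per_server[server]) - common
        if extra:  # only servers with site needs beyond the shared set get a rule
            rules.append(Rule(f"{server}-only", frozenset({server}), extra))
    if common:
        rules.append(Rule("GLOBAL", servers, common))
    return rules

# Constructed sample: three servers standing in for the 80 in the post.
NEEDS = {
    "server-a": {"updates.example", "ntp.example", "abc.example"},
    "server-b": {"updates.example", "ntp.example", "def.example"},
    "server-c": {"updates.example", "ntp.example"},
}
POLICY = build_policy(NEEDS)

if __name__ == "__main__":
    for r in POLICY:
        print(r.name, sorted(r.sources), "->", sorted(r.sites))
    print(evaluate(POLICY, "server-b", "abc.example"))
```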