RE: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 16 Apr 2009 11:56:36 +1200 (NZST)

> That would solve this problem, but by forcing the use of a proxy, we get
> better control of the web traffic. It also allows us to use group policy
> to block access to setting the proxy for users not allowed to browse the
> web, without jumping through hoops required to setup authentication on the
> proxy server. We can't just block access to IE, because these users do
> need access to intranet applications. Currently there are only a couple
> of users that have laptops and access sites that have this problem the
> others are on desktops, and setting them to use the configuration script
> is a onetime deal. Even these users are a very small percentage probably
> only around 2% of all users.
> Setting up a transparent proxy with authentication to stop the users not
> allowed internet access would have an impact on the other 98% of users who
> work just fine with the auto detect settings.

Overlooking the fact you can't do www auth on transparent proxies. You can
do IP-validation and such authorizations only.

> Of course if Sun just
> implemented an auto detect option in the Java Runtime Environment proxy
> settings, all my problems would just go away.

:)

Amos

>
> Thanks,
> Dean Weimer
> Network Administrator
> Orscheln Management Co
>
> -----Original Message-----
> From: Hunter Fuller [mailto:hackmiester_at_gmail.com]
> Sent: Wednesday, April 15, 2009 11:25 AM
> To: Dean Weimer; squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Using Squid as a proxy to change network
> devices' properties instead of web broswers'?
>
> You can't do transparent proxying here?
> -hackmiester
> Too short? http://five.sentenc.es/
>
>
>
> 2009/4/15 Dean Weimer <dweimer_at_orscheln.com>:
>> Interesting, saw this and thought that it might solve some problems I
>> have been having with applications that import settings from the
>> browser, but don't work with auto detect. I thought I would try this on
>> Vista, of course it doesn't exist, but there is a replacement.
>>
>> In Vista (of course you have to run as admin):
>> To Display current setting:
>> netsh winhttp show proxy
>> To import form IE:
>> netsh winhttp import proxy source=ie
>> (Does anyone know if you can use a different source?)
>> To manually set it:
>> netsh winhttp set myproxy:port "<local>;localsite1;localsite2;..."
>> To Set back to direct:
>> netsh winhttp reset proxy
>>
>> Also I noticed that it imports no proxy if you are set to use a script
>> or automatically detect, the proxycfg in XP still pulls the manual
>> configuration even after I set it to auto detect. It was set to manual
>> configuration the first time I ran the command, so it appears to not
>> look at the current settings but looks at what is in the registry for
>> the manual configuration whether or not it is currently enabled.
>>
>> In XP:
>> To Display Current Settings:
>> proxycfg -d
>> To Import from IE:
>> Proxycfg -u
>> To Manually Set:
>> Proxycfg -p myproxy:port "<local>;localsite1;localsite2;..."
>>
>> Looks like under my environment I will have to use the manual set
>> options to possibly solve the issue, the main problem I have found is
>> that Java doesn't seem to work correctly if the browser is configured
>> for auto detect, it will work however, if the browser is set to use a
>> specific configuration script, or a manually configured proxy. Both of
>> these options however do require the user to change settings if they
>> have a laptop and try to use it outside of our network.
>> Guess if this command fixes the problem I can look at writing a startup
>> script to detect if they are on our local LAN or not and set it to
>> direct or a manual proxy depending on the result, then push this script
>> to clients with group policy.
>>
>> Thanks,
>> Dean Weimer
>> Network Administrator
>> Orscheln Management Co
>>
>> -----Original Message-----
>> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
>> Sent: Wednesday, April 15, 2009 7:32 AM
>> To: Phillip Pi
>> Cc: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Using Squid as a proxy to change network
>> devices' properties instead of web broswers'?
>>
>> Phillip Pi wrote:
>>> Hello.
>>>
>>> I got Squid v2.7 stable 6 installed and working in a Windows XP Pro.
>>> SP2
>>> machine, with its IIS, as a proxy server. I can make clients' web
>>> browsers (e.g., IE and Firefox in Windows XP), go through this proxy
>>> server with no problems.
>>>
>>> I am wondering if I can use Squid to do the same proxy for network
>>> devices (e.g., onboard network). I would like to be able to set up PCs'
>>> Internet access instead of web browsers.
>>>
>>> Thank you in advance. :)
>>
>> The use of Squid as HTTP proxy is limited only individual app or devices
>> capabilities.
>>
>> On windows XP the command "proxycfg -u" IIRC is sufficient to get the
>> MS-produced apps using the same settings as IE, whether they are proxy
>> or not.
>>
>> I've heard tell of people using ActiveDirectory to push out proxy
>> settings to all machines in a controlled network environment, mayhap an
>> expert on that will say how if you need it.
>>
>> Other devices and apps you will have to check out individually and see
>> what can be done.
>>
>> As a fallback for the really limited apps there is always interception
>> at the network gateway device. Though this has a whole other set of
>> problems and should only be considered as a last resort.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>> Current Beta Squid 3.1.0.7
>>
>
Received on Wed Apr 15 2009 - 22:56:38 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 16 2009 - 12:00:01 MDT