On Tuesday 13 July 2004 9:50 am, Gavin Hamill wrote:

> On Monday 12 July 2004 16:31, Antony Stone wrote:
> > How about *configuring* the clients so they use the proxy "properly"
> > instead of doing transparent redirection? Then you can keep the Squid
> > box on the same subnet as the clients, and still block people trying to
> > do TCP port 80 straight through the firewall (only one source IP is
> > allowed - the Squid box).
>
> The reason has been the desire to not have to ferry around dozens of
> machines configuring proxy settings, really. I'll certainly give the
> separate-subnet idea some thought :)

Have you investigated proxy auto-configuration?

Take a look at the Squid documentation and you will learn how most browsers
can be pointed at a .pac file (possibly by being redirected by your firewall
to a trivial webserver running somewhere if they try to go direct - doesn't
have to be the proxy itself), and this will configure the proxy settings
without a techie having to go near the keyboard....

Regards,

Antony.

-- 
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that it
was he who, by peddling second-rate technology, led them into it in the first
place.

 - Douglas Adams in The Guardian, 25th August 1995

Please reply to the list; please don't CC me.
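
A sketch of the kind of .pac file the message above refers to, added here as an example and not part of the original thread. The proxy address, port and client subnet are assumed placeholders, and the helper functions are written in plain JavaScript rather than with the browser-supplied PAC built-ins.

```javascript
// proxy.pac - added example; every address below is a constructed placeholder.
var PROXY = "PROXY 192.168.1.10:3128";   // assumed Squid box (3128 is Squid's default port)
var LOCAL_NETS = [["192.168.1.0", 24], ["127.0.0.0", 8]];  // assumed client subnet + loopback

// Parse a dotted-quad literal to a number, or return null for anything else.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when addr falls inside base/bits. Plain arithmetic avoids 32-bit sign issues.
function inNet(addr, base, bits) {
  var size = Math.pow(2, 32 - bits);
  return Math.floor(addr / size) === Math.floor(ipv4ToInt(base) / size);
}

// Local means: an unqualified name, or an IPv4 literal in LOCAL_NETS.
// No DNS lookups are made, so evaluation never blocks on a resolver.
function isLocal(host) {
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  var addr = ipv4ToInt(host);
  if (addr === null) return false;
  for (var i = 0; i < LOCAL_NETS.length; i++) {
    if (inNet(addr, LOCAL_NETS[i][0], LOCAL_NETS[i][1])) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isLocal(host.toLowerCase())) return "DIRECT";
  // No "; DIRECT" fallback: the firewall only lets the Squid box out on port 80,
  // so a direct attempt would fail anyway and should not look like a valid route.
  return PROXY;
}
```

Browsers expect the file to be served with the MIME type `application/x-ns-proxy-autoconfig`.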