lists-squid@xxxxxxxxxxxxx wrote:
I know it's possible (and perhaps written in stone in an RFC) to have
the
client maintain a proxy exclusion list, but that would be unmanageble in
this sort of setup.
Is it? You use a centrally provided proxy.pac to control the browser.
You don't need a complete whitelist in the proxy.pac, just sufficient to
avoid wasting too much bandwidth.
Thanks for your response.
I've done a bit of digging around but have found little info on
proxy.pac files. Can i assume, before i do more digging around, that I
can put an exclusion list in a .pac file, and have squid push it
transparently to each web browser client upon first http request?
No. Each browser must be setup to load the .pac itself. WPAD with
DNS/DHCP can be used to push .pac to the browser but the method was
never standardised and each browser is still different.
The
transparency is important, as getting each user to configure their
browser is out of the question in this setup.
Then you will need to test the WPAD methods and give your users
instructions and hope they follow them.
I can already see problems
with exclusion lists becoming large enough to take a substantial time to
download to the clients.
You started having troubles the moment you started having customers.
Welcome to the world of network admins.
Again, one could imagine an proxy exclusion list held on the squid
server, that when a URL request is received by squid, if it matches the
exclusion list, squid could answer "go directly to destination", but i
doubt that is part of the http-proxy protocol.
cheers
Jack
