I got a user (whom I can trust) who uses an explicit proxy configuration
: there are no improvments.
The pac we use is mostly made of a huge "if" which instruct user's
browser to bypass the proxy and to go direct to some servers.
Here is the pac :
function FindProxyForURL(url,host) {
if (
(
!(
host.indexOf('www.ifp.fr') == 0
|| host.indexOf('validation.ifp.fr') == 0
|| host.indexOf('project.ifp.fr') == 0
|| host.indexOf('ogst.ifp.fr') == 0
)
)
&&
(
isPlainHostName(host)
|| host.match('.ifp.fr')
|| host.match('.cegedim-srh.com')
|| host.match('.cegedim-srh.net')
|| host.match('.private.cegedim.com')
|| host.match('graphidoc.cvp.fr')
|| host.match('127.0.0.1')
|| host.match('192.168.9.204')
|| host.match('172.16')
|| host.match('172.17.2')
|| host.match('172.17.3')
|| host.match('172.20')
|| host.match('172.29')
|| host.match('172.30')
|| host.match('172.31')
|| host.match('192.168.1')
|| host.match('156.118')
|| host.match('83.173.66.219')
|| host.match('89.148.17.193')
|| host.match('194.5.133')
|| host.match('194.5.134')
|| host.match('80.94.191')
)
)
return "DIRECT";
return "PROXY 192.168.9.200:3328";
}
I tried to avoid use of calls which cause DNS lookups (hence the
host.match() and host.indexOf() ).
Ionel
Henrik Nordstrom wrote:
Is there any difference if you configure the proxy explicit without
using a PAC?
Do you have any rules in the PAC depending on destinaion IP of the
requested server?
fre 2008-06-06 klockan 08:56 +0200 skrev Ionel GARDAIS:
Configured proxy for now.
I'm doing some network to see how can I use squid in transparent
interception without breaking the exclude rules ffrom the current pac we
use.
Ionel
Henrik Nordstrom wrote:
Configured proxy, or transparent interception?
On fre, 2008-06-06 at 08:29 +0200, Ionel GARDAIS wrote:
DNS issues ... client side ? proxy side ?
clients resolve to Windows Server 2003 DNS for internal domain names.
These servers forward to DMZ DNS (running bind) for internal view of
the DNS (private IPs). DMZ DNS forward to the world for all internet
name resolution.
The squid box uses the DMZ DNS.
Thanks,
Ionel
Henrik Nordstrom wrote:
tor 2008-06-05 klockan 19:10 +0200 skrev GARDAIS Ionel:
After rereading my post, I saw that I did not finish a line :
"[...] cache-misses median service times are around 200ms and cache-hits are around 3ms" but we often see a 10-second lag for browser to start loading the page.
That's usually DNS issues. For example if you have two DNS servers
configured where one can not resolve external names...
Regards
Henrik
--
Ionel GARDAIS
System-Network Engineer
--
Ionel GARDAIS
System-Network Engineer
begin:vcard
fn:Ionel GARDAIS
n:GARDAIS;Ionel
org:Tech'Advantage;IT
adr:;;1 Rue Isabey;Rueil Malmaison;FR;92500;FR
email;internet:ionel.gardais@xxxxxxxxxxxxxxxxxx
tel;work:+33(0)147088131
tel;fax:+33(0)147088065
x-mozilla-html:FALSE
url:http://www.tech-advantage.com
version:2.1
end:vcard