> That would solve this problem, but by forcing the use of a proxy, we get > better control of the web traffic. It also allows us to use group policy > to block access to setting the proxy for users not allowed to browse the > web, without jumping through hoops required to setup authentication on the > proxy server. We can't just block access to IE, because these users do > need access to intranet applications. Currently there are only a couple > of users that have laptops and access sites that have this problem the > others are on desktops, and setting them to use the configuration script > is a onetime deal. Even these users are a very small percentage probably > only around 2% of all users. > Setting up a transparent proxy with authentication to stop the users not > allowed internet access would have an impact on the other 98% of users who > work just fine with the auto detect settings. Overlooking the fact you can't do www auth on transparent proxies. You can do IP-validation and such authorizations only. > Of course if Sun just > implemented an auto detect option in the Java Runtime Environment proxy > settings, all my problems would just go away. :) Amos > > Thanks, > Dean Weimer > Network Administrator > Orscheln Management Co > > -----Original Message----- > From: Hunter Fuller [mailto:hackmiester@xxxxxxxxx] > Sent: Wednesday, April 15, 2009 11:25 AM > To: Dean Weimer; squid-users@xxxxxxxxxxxxxxx > Subject: Re: Using Squid as a proxy to change network > devices' properties instead of web broswers'? > > You can't do transparent proxying here? > -hackmiester > Too short? http://five.sentenc.es/ > > > > 2009/4/15 Dean Weimer <dweimer@xxxxxxxxxxxx>: >> Interesting, saw this and thought that it might solve some problems I >> have been having with applications that import settings from the >> browser, but don't work with auto detect. I thought I would try this on >> Vista, of course it doesn't exist, but there is a replacement. >> >> In Vista (of course you have to run as admin): >> To Display current setting: >> netsh winhttp show proxy >> To import form IE: >> netsh winhttp import proxy source=ie >> (Does anyone know if you can use a different source?) >> To manually set it: >> netsh winhttp set myproxy:port "<local>;localsite1;localsite2;..." >> To Set back to direct: >> netsh winhttp reset proxy >> >> Also I noticed that it imports no proxy if you are set to use a script >> or automatically detect, the proxycfg in XP still pulls the manual >> configuration even after I set it to auto detect. It was set to manual >> configuration the first time I ran the command, so it appears to not >> look at the current settings but looks at what is in the registry for >> the manual configuration whether or not it is currently enabled. >> >> In XP: >> To Display Current Settings: >> proxycfg -d >> To Import from IE: >> Proxycfg -u >> To Manually Set: >> Proxycfg -p myproxy:port "<local>;localsite1;localsite2;..." >> >> Looks like under my environment I will have to use the manual set >> options to possibly solve the issue, the main problem I have found is >> that Java doesn't seem to work correctly if the browser is configured >> for auto detect, it will work however, if the browser is set to use a >> specific configuration script, or a manually configured proxy. Both of >> these options however do require the user to change settings if they >> have a laptop and try to use it outside of our network. >> Guess if this command fixes the problem I can look at writing a startup >> script to detect if they are on our local LAN or not and set it to >> direct or a manual proxy depending on the result, then push this script >> to clients with group policy. >> >> Thanks, >> Dean Weimer >> Network Administrator >> Orscheln Management Co >> >> -----Original Message----- >> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] >> Sent: Wednesday, April 15, 2009 7:32 AM >> To: Phillip Pi >> Cc: squid-users@xxxxxxxxxxxxxxx >> Subject: Re: Using Squid as a proxy to change network >> devices' properties instead of web broswers'? >> >> Phillip Pi wrote: >>> Hello. >>> >>> I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. >>> SP2 >>> machine, with its IIS, as a proxy server. I can make clients' web >>> browsers (e.g., IE and Firefox in Windows XP), go through this proxy >>> server with no problems. >>> >>> I am wondering if I can use Squid to do the same proxy for network >>> devices (e.g., onboard network). I would like to be able to set up PCs' >>> Internet access instead of web browsers. >>> >>> Thank you in advance. :) >> >> The use of Squid as HTTP proxy is limited only individual app or devices >> capabilities. >> >> On windows XP the command "proxycfg -u" IIRC is sufficient to get the >> MS-produced apps using the same settings as IE, whether they are proxy >> or not. >> >> I've heard tell of people using ActiveDirectory to push out proxy >> settings to all machines in a controlled network environment, mayhap an >> expert on that will say how if you need it. >> >> Other devices and apps you will have to check out individually and see >> what can be done. >> >> As a fallback for the really limited apps there is always interception >> at the network gateway device. Though this has a whole other set of >> problems and should only be considered as a last resort. >> >> Amos >> -- >> Please be using >> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 >> Current Beta Squid 3.1.0.7 >> >
