Re: Transparent proxy with HTTPS on freebsd

On Mon, May 4, 2009 at 3:35 PM, Gavin McCullagh <gavin.mccullagh@xxxxxx> wrote:
> Hi,
>
> On Mon, 04 May 2009, Matus UHLAR - fantomas wrote:
>
>> On 29.04.09 04:58, nyoman karna wrote:
>
>> > you probably may use PAC (as Amos suggested)
>> > but IMO it ruins the basic idea of using transparent proxy
>> > (which is that the user does not need to put any setting in their browser)
>>
>> the whole idea of intercepting proxy (also called transparent) is sick.
>
> Would you care to substantiate that in a bit more detail?
>

If you're blocking content that would violate rights, maybe; if you are
doing it to speed things up or blocking sites that have no place in
the current facility I cannot see how it can be claimed as sick.
I think blocking most porn from schools and work is right. Maybe even
blocking youtube from work because of how much time is wasted.

>> WPAD is the way to go - browser will autodetect the proxy, so user can log there
>> and all problems caused by intercepting connections will be gone.
>
> I've been down this road.  We (a 3rd level college) have hundreds of users
> walking on and off a campus with their laptops, mobile phones, netbooks,
> pdas, etc.  We used to have posters, docs, everything set up to tell people
> how to use the proxy.  We had a proxy.pac.  The support load was massive.
> The number of people coming into our office for help setting it up was
> huge.  The number of applications that use HTTP but don't support proxy.pac
> files is surprisingly large.  The users leave the campus and have to undo
> the proxy settings, then redo them when next on campus.
>
> It was imperative for us to be able to give completely transparent web
> access.  It's also a big requirement to have caching to reduce our
> bandwidth and give us some kind of logging.  So we have transparent
> proxying of http traffic and we simply allow https traffic out.
>
> This policy has been hugely successful.  You might argue that we should
> just allow all http and https traffic out but that is more expensive,
> slower and harder for us to keep track of (I'm not that keen on logging but
> it's necessary for a host of reasons).
>
> As it is now, the web just works for everyone.  People are far happier and
> so are we.
>
> Gavin
>
>

