> > On 29.04.09 04:58, nyoman karna wrote: > > > you probably may use PAC (as Amos suggested) > > > but IMO it ruin the basic idea of using transparent proxy > > > (which is user does not need to put any setting in their browser) > On Mon, 04 May 2009, Matus UHLAR - fantomas wrote: > > the whole idea of intercepting proxy (also called transparent) is sick. On 04.05.09 22:35, Gavin McCullagh wrote: > Would you care to substantiate that in a bit more detail? Making clients think they connect to the destination server when they do not, breaks many things. It disables authentication, causes some TCP problems (pmtu discovery?)... > > WPAD is way to go - browser will autodetect the proxy, so user can log there > > and all problems caused by intercepting connections will be gone. > > I've been down this road. We (a 3rd level college) have hundreds of users > walking on and off a campus with their laptops, mobile phones, netbooks, > pdas, etc. We used to have posters, docs, everything set up to tell people > how to use the proxy. We had a proxy.pac. The support load was massive. > The number of people coming into our office for help setting it up was > huge. The number of applications that use HTTP but don't support proxy.pac > files is surprisingly large. That's bad, luckily many browsers can turn on autodetection and use it when available. > The users leave the campus and have to undo > it the proxy settings, then redo them when next on campus. Well, I always call intercepting a thing you should do in "last resort" and all troubles caused by the interception should be pointed as client errors. Yes, if you need, keep that there, but I hope you didn't stop providing WPAD for anyone who supports it. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool.
