On 20.03.2012 08:46, Milen Pankov wrote:
On 19.03.2012 19:09, Matus UHLAR - fantomas wrote:
it's impossible for the proxy to pass error page to the browser,
when
the user bypasses the proxy and connects to the website directly.
You must deny direct access to HTTPS (port 443) sites by a firewall
and
force browsers to use the proxy, if you want to control access on
the
proxy.
However, as long as HTTPS is encrypted, the only way you can
allow/deny
users using some sites, is having list of sites (IP addresses) that
will
be allowed (and deny access to others) or denied (and allow access
to
others).
Hi,
Yes I understand that. However as the direct traffic to port 443
happens
on the client computer and not on the server I don't have access to
every client computer to block access to port 443 by a firewall and I
don't think that is necessary. The user may or may not use the proxy,
it's up to the user. However if he has configured the browser to use
a
proxy and the browser does not use the proxy (although user refused
to
authenticate) that's the problem. As I however said I first thought
it
was a browser problem, but it appears not to be as I can reproduce it
on
different browsers. May be it is not only a squid problem, it may be
both a browser and a squid problem, I don't know.
Regards,
Milen
So:
- user configured browser to use a proxy
- browser does not use proxy
How is disobeying its own configuration details *not* a browser
problem?
Answer: when the problem is the user themselves misunderstanding the
browser configuration.
For example; it is perfectly possible to configure all your browsers to
use a proxy *only* for HTTP traffic. Skipping the proxy or non-HTTP
protocols ... modern browsers that includes HTTPS, WebSockets and SPDY.
*How* is the browser configured?
Amos
