Search squid archive

Re: Centralized Squid - design and implementation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 19 November 2014 6:41:44 pm IST, brendan kearney <bpk678@xxxxxxxxx> wrote:

Yes and it seems java is even more sensitive.  I had an array member defined on a line that was not terminated with a semicolon and browsers did not throw errors, but java did.  Pactester did not catch this.  Missing curly braces and I think quotes are caught.

Also of note, you have to set the content type header for a pac file or else you run into weird issues.  I found that browsers are forgiving and will execute the script and take its output if the header is not set.  Flash does not do this.  It might call for the script but does not use it if the Content-Type header is not set to "application/x-ns-proxy-autoconfig".

GoToMeeting has also pissed me off.  The client parses the script and takes any value found in it, before executing the script and taking the output of the execution. This has the result of finding inappropriate proxies to use, when you are in a corporate environment and have proxies dedicated to client access or other functions that should not be leveraged in all cases.  I got their technical team on a call because we have a large citrix install base (both products have the same parent company) and complained to no avail.  I had to write a doc on how to correct the client config for anyone needing to use GoTo... products.

On Nov 19, 2014 6:18 AM, "Kinkie" <gkinkie@xxxxxxxxx> wrote:

One word of caution: pactester uses the Firefox _javascript_ engine, which is more forgiving than MSIE's. So while it is a very useful tool, it may let some errors slip through.

On Nov 18, 2014 9:45 PM, "Jason Haar" <Jason_Haar@xxxxxxxxxxx> wrote:
On 19/11/14 01:39, Brendan Kearney wrote:
> i would suggest that if you use a pac/wpad solution, you look into
> pactester, which is a google summer of code project that executes pac
> files and provides output indicating what actions would be returned to
> the browser, given a URL.
couldn't agree more. We have it built into our QA to run before we ever
roll out any change to our WPAD php script (a bug in there means
everyone loses Internet access - so we have to be careful).

Auto-generating a PAC script per client allows us to change behaviour
based on User-Agent, client IP, proxy and destination - and allows us to
control what web services should be DIRECT and what should be proxied.
There is no other way of achieving those outcomes.

Oh yes, and now that both Chrome and Firefox support proxies over HTTPS,
I'm starting to ponder putting up some form of proxy on the Internet for
our staff to use (authenticated of course!) - WPAD makes that something
we could implement with no client changes - pretty cool :-)

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux