On 22/11/2015 5:56 a.m., Ahmad Alzaeem wrote: > Thanks fot your reply . > > I know that my DNS is weird . > > But all I need is > I have access to DNS server , but I don’t have access to pcs to give them ip:port in their browsers . > > So yes , im forced to work on that way . You should not be. Have a read through <http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers>. Notice that DNS weirdness is not mentioned anywhere, not even as a last-resort method. > > And I want to filter my websites and the only way to go internet is using the proxy . > > So what do you suggest ? Try the methods listed in that wiki page for WPAD/PAC auto-configuration (aka "transparent proxy configuration", notice that is a 3-word phrase). That will catch a lot of the main-stream browsers. When that is done set up your routers for *routing* the port 80/443 traffic through the Squid machine. With NAT (aka "transparent interception proxy", notice that is a different 3-word phrase) No DNS required in any of that. > > So again , the packet go to squid , but inside this packet the name of websites and ds tip is the proxy ip. Exactly. That is all Squid is given to work with. > > What settings needed on squid to operate such as get the info from name and skip dst ip ? > > If u look @ the log files u will understand my idea > We already understand your idea. Others have had it before. The reason it is not popular is the extremely complicated nature of the multiple pieces of high performance high-uptime hardware required just to keep it from falling over and/or hitting the side effects you have seen so far, and many others you have not even got close to reaching yet. When things go wrong the clients also need an individual reset to clear their internal DNS caches. Route packets to Squid (no DNS) just like normally routed packets if Squid were a border gateway, then NAT or TPROXY intercept into the proxy itself on the same machine. FAR more robust. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
