Re: [SQU] IBM Host On Demand

From: Adam Lang <aalang@dont-contact.us>
Date: Tue, 13 Feb 2001 14:43:51 -0500

Ok, I have this problem with another java app embedded on a webpage, so it
is a situation that needs to be fixed well.

Several more questions. If I do use a transparent proxy (or intercepting
proxy), I can have it intercept more than port 80, correct? If that is the
case, could this be used as a firewall itself? I set Squid up transparent
and tell it by default to monitor port 80. An SSL site uses port 1138 on a
webserver, so I set up Squid to intercept those also. A java app uses port
9000 to talk to a server on the internet, I can have squid intercept that
also even though it doesn't communicate in HTTP? Can I have it intercept
port 53 so my internal DNS can query external name servers?

What do you mean by "I can not authenticate my users"?

If not transparent proxy, what would be the better solution?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
-----------------------------------------------------------------------------------------
Date: Fri, 9 Feb 2001 15:53:02 -0700
Reply-To: squid-users@IRCACHE.NET
Sender: Fake list for archiving at Cineca <SQUID@LIST.CINECA.IT>
Comments: Resent-From: squid-users@ircache.net
Comments: Originally-From: "Robert Collins"
<robert.collins@itdomain.com.au>
From: squid-users@IRCACHE.NET
Subject: Re: [SQU] IBM Host On Demand
Comments: To: Adam Lang <aalang@rutgersinsurance.com>
Content-Type: text/plain; charset="iso-8859-1"

I'm going to get up and be unpopular here :]

Adam,
    'transparent' proxying is a *bad thing*. It saves a little bit of config
time on your users' machines, but it breaks the end to end link expected by
HTTP, and you can no longer authenticate your users, you will also have to
choose between their refresh button not working or lower cache hits. If you
are not 'transparent' now, please please don't change.

Your problem is *not* related to 'transparent'/'non-transparent'
configuration of squid. It is a badly written application that needs its own
ports open (you would experience the same problem even if you were running
'transparently'). You need to open those ports on your
router/firewall/ip filtering device. Squid doesn't need changing.

Rob

P.S. A slightly academic note: RFC 2616 defines transparent proxies as
(loosely) http proxies that don't alter the content at all.
Non-transparent proxies are ones that alter the content - for example
converting all .gif's into .jpg's as they go through.

The 'transparent' used above really should be something like
"intercepting/non-intercepting" to avoid confusion with the RFC terms.

Received on Tue Feb 13 2001 - 12:45:03 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:59 MST