Re: [SQU] IBM Host On Demand

Adam,
    just a note: you might like to break up large paragraphs into single question lines - it makes inserting responses easier.

----- Original Message -----
From: "Adam Lang" <aalang@rutgersinsurance.com>
To: <squid-users@ircache.net>
Sent: Wednesday, February 14, 2001 6:43 AM
Subject: Re: [SQU] IBM Host On Demand

> Ok, I have this problem with another java app embedded on a webpage, so it
> is a situation that needs to be fixed well.
>
> Several more questions. If I do use a transparent proxy (or intercepting
> proxy). I can have it intercept more than port 80s, correct? If that is the

You can intercept more than one port, but getting squid to understand the data is a different issue.

> case, could this be used as a firewall itself? I set Squid up transparent
> nad tell it by default to monitor port 80. An SSL site uses port 1138 on a
> webserver, so I setup Squid to intercept those also. A java app uses port

No. SSL requests made when theres no proxy configured will not be understood by squid (to the best of my knowledge).

> 9000 to talk to a server on the internet, I can have squid intercept tht
> also even though it doesn't communicate in HTTP?

No. Squid only understands HTTP requests.

>Can I have it intercept
> port 53 so my internal DNS can query external name servers?

No. As above.

>
> What do you mean by "I can not authenticate my users"?

HTTP user agents (browsers) will not respond to proxy-authenticate challenges from intercepting proxies.

> If not transparent proxy, what would be the better solution?

Use IPChains/IPfilters/Iptables as appropriate and NAT you local network. Install draconian access rules and only allow the broken
applications directly through. Leave your browser configured with the squid box as it's proxy cache.

Rob

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html