Re: [squid-users] Advice needed on transparent proxy problem

Kamesh Patel wrote:
>
> Hello all,
>
> i need some advice about the squid server i am running.
>
> About six months ago i got involved in a project to filter websites from our
> users... just the haughty stuff. We had a Linux server so i said (with a few
> recommendations and after reading some stuff of the squid website) 'lets try
> out squid'.
>
> I got squid up and running and fully tested as a proxy/cache but not
> transparent.
>
> I then went live and soon realised that some of the users decided to by pass
> the proxy by removing the settings from the browser. So i looked into making
> it into an accelerated transparent http proxy.
>
> that all went fine but now i have a problem, which is i am having troubles
> with accessing most secure sites on the internet. For example i go to login
> to my hotmail account and it returns a 'Cannot Find server or DNS Error' -
> Internet Explorer!!!.
>
> But if i try again immediately it works. My users and myself get this all
> the time.
>
> I have installed and setup squid on another server with exactly the same
> setup without accelerated transparent http proxy, set the browser up to look
> at the proxy on the correct port, and all works fine with that.
>
> Now i am almost 100% sure that its something to do with the transparent
> accelerated proxy, is there something like a https accelerated proxy
> feature? that will fix this problem or is there a way to setup squid to be
> transparent but not tell it that it is a accelerated transparent proxy...
> but keep speed that comes with it?.. thinking about the last question i
> think i will still have the same problem???.
>
> Please help... as i do not want to lose squid to this!
>
> Thanks in advance
>
> Kamesh

 The idea of forced blocking of sites doesn't necessarily imply
installing
SQUID as transparant proxy.
I feel the issues are unrelated, fw. policies could block standard
web access without SQUID (proxy) using other methodologies.

 Transp. proxying is sort of a hack at the IP level, and can sometimes
break subtle issues in ip networking between the client and the
webserver.

 In our network end clients do not have ip connectivity towards the
 Internet, so they must use the SQUID proxy, for web access.
 This probably, could be realized in a simpler way for outgoing
 connections to port 80, for example.

 These issues are also related to networking/Intranet design and setup.

 M.

-- 
 'Time is a consequence of Matter thus
 General Relativity is a direct consequence of QM
 (M.E. Mar 2002)