Re: [squid-users] Squid proxy problem to access both intranet and internet servers

From: Kevin <kkadow@dont-contact.us>
Date: Fri, 6 May 2005 17:32:13 -0500

On 4/22/05, John Mok <jmok@attglobal.net> wrote:
>
> I have set up a squid proxy 2.5-STABLE9 on Fedora Core 3 in the intranet
> to cache the internet traffic. However, the proxy server does not return
> the correct dynamic HTTP content (e.g. ASP web applications) with
> missing images (e.g. GIF) when the user accesses intranet servers, but
> there is no problem accessing outside internet applications. I have
> added the no_cache and always_direct as follows :-

Interesting. I see similar issues (broken images) when internal clients use
a proxy (not squid, and not a caching proxy) to access internal (intranet)
content, even though the same users do not get broken images when
using the exact same proxy gateway to access public (Internet) content.

> I think the problem is related to the problem of direct access to
> intranet servers, but the problem is solved when I set the browser not
> to access the proxy for the domain "example.com". I hope anyone could help
> to advise how to solve the problem in the squid config, because the intranet
> is so large that I could not add the domains of direct access one by one
> for every user.

We've 99% solved the problem by configuring internal web browsers to use
a Proxy Automatic Configuration (PAC) script where possible -- all modern
browsers can use PAC for deciding when/which proxy gateway to use, on
a per-destination (by hostname and by URL) basis.

To force the change onto all Windows workstations, there are a number of
ways you can push this configuration onto the desktop without manually
visiting each seat in the enterprise. For OSX and other Unix users, we
just supply screenshots for Firefox/Opera/Mozilla/Netscape/Safari/etc.

Henrik Nordstrom wrote:
>
> Your denied requests were for a server running on an odd port.
> Check your Safe_ports setting.

What's interesting is that in my (not squid-specific) case, the proxy the
users are "bouncing off" to get to internal resources is not configured to
block requests to odd ports.

Also, sometimes if the user hits reload often enough, the broken images
will load successfully. I would be interested to know if John Mok
has equivalent results?

Kevin Kadow
Received on Fri May 06 2005 - 16:32:14 MDT
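
A PAC file of the kind the message above describes, as an added example that is not part of the original post or its author's configuration. It sends unqualified names, private IPv4 literals and the intranet domain "example.com" (taken from the quoted question) direct, and everything else to a proxy. The proxy address and the private-range list are assumptions, and the matching is written in plain JavaScript instead of the browser's PAC helper functions so the file also runs outside a browser.

```javascript
// Added example PAC file. Browsers call FindProxyForURL(url, host) per request.
// Assumptions: proxy.example.com:3128 is a hypothetical proxy address;
// "example.com" is the intranet domain named in the quoted question.
var PROXY = "PROXY proxy.example.com:3128";
var INTRANET_DOMAINS = ["example.com"];
var PRIVATE_NETS = [["10.0.0.0", 8], ["172.16.0.0", 12],
                    ["192.168.0.0", 16], ["127.0.0.0", 8]];

// Parse a dotted-quad IPv4 literal to a number; null if host is not one.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside one of PRIVATE_NETS.
function inPrivateNet(host) {
  var ip = ipv4ToInt(host);
  if (ip === null) return false;
  for (var i = 0; i < PRIVATE_NETS.length; i++) {
    var base = ipv4ToInt(PRIVATE_NETS[i][0]);
    var size = Math.pow(2, 32 - PRIVATE_NETS[i][1]);
    if (ip >= base && ip < base + size) return true;
  }
  return false;
}

// Match the domain itself or a true subdomain; "notexample.com" must not match.
function inDomain(host, domain) {
  return host === domain || host.slice(-(domain.length + 1)) === "." + domain;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, "");   // normalise case, trailing dot
  // Unqualified name (no dot, and not an IPv6 literal): intranet host.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (inPrivateNet(host)) return "DIRECT";
  for (var i = 0; i < INTRANET_DOMAINS.length; i++) {
    if (inDomain(host, INTRANET_DOMAINS[i])) return "DIRECT";
  }
  return PROXY;   // no DIRECT fallback, so Internet traffic cannot skip the proxy
}
```

Suffix matching on a label boundary is the detail to get right: a bare substring or wildcard test would also send look-alike external names such as "example.com.evil.test" direct, past the proxy's filtering and logging.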
