We make our users , use the proxy through proxy settings in the browser.
This is one of those cases where a seemingly good word , hides
a bad concept.
There are many caveats of transparant proxying :
- Intercepting HTTP breaks TCP/IP standards because user agents
think they are talking directly to the origin server.
- It causes path-MTU to fail. Possibly making the website not accessible.
- As a result for instance on older IE versions ; "reload" did not
work as expected.
- You can't use proxy authentication
- You can't use IDENT lookups
- Intercepting proxies are incompatible with IP filtering designed
to prevent address spoofing.
- Clients are still expected to have full Internet DNS resolving
capabilities , when in certain Intranet/Firewalling setups , this
is not always wanted.
- Related to above : because of transp. proxy setup : squid
connects to a site
which is down.HOWEVER , due to the transparant proxying setup. It gets
a connected state to the interceptor. The
end user may get wrong error messages or a browser, seemingly
doing nothing anymore.
M.
Received on Sat Jan 07 2006 - 06:30:33 MST
This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST