>>> On 12/01/2007 at 16:22, "Timothy Bushart" <BusharT@mail.amc.edu>
wrote:
> Question about Squid- We're running Squid, AD Group policy forces IE
on
> our clients to use proxy. We have some exceptions to bypass the
proxy
> pushed down with the same policy. What were noticing is that if the
> exception includes an ip address, and the client types in the URL
for
> the web site using the host name that resolves to that ip, but not
the
> actual ip, the proxy isn't bypassed. When the host name is type and
> resolved to the IP (I think it uses squids dns, not the dns
configured
> on the workstation) IE isn't smart enough to realize that the ip is
on
> the exception list to be bypassed. Is the as designed?
More or less. All IE has to do is ask Squid 'please fetch
http://google.com/ for me';
the DNS lookups are all done by Squid, not IE. (Indeed, for all IE
knows, it
might not even *have* Internet access, only access to a proxy server -
in
which case, attempting DNS lookups would be very counterproductive.)
Probably the best solution would be to make your group policy mandate
a proxy-auto-config file, rather than specifying exceptions directly;
the PAC can then cause a DNS lookup and decide based on IP address
which access goes directly and which goes through the proxy.
(Either group policy, or you could use WPAD to automate that instead?)
James.
Received on Fri Jan 12 2007 - 09:47:32 MST
This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST