Re: [squid-users] Squid + WPAD issues

From: K K <kkadow@dont-contact.us>
Date: Mon, 11 Jun 2007 13:11:16 -0500

On 6/11/07, Markus.Rietzler@rzf.fin-nrw.de
<Markus.Rietzler@rzf.fin-nrw.de> wrote:
> my question was regarding some user-excpetions. a combination of proxy-pac and "browser-settings" is not possible - at least not with IE.

Correct. That is not possible.

When a browser is configured to use a Proxy script (via WPAD or
specified as a PAC url), the browser ignores locally configured proxy
and proxy exceptions.

> so if we want to support user excpetions than it only could be done
> if these settings also were provided by the cgi-generated pac-file, right?

Yes, exactly.
I am not aware of any web browser which will mix local settings and PAC.

Getting back to Squid, one earlier question was whether squid could
tell the client "don't use me as a proxy to access this, you need to
go direct".

While that isn't directly technically possible (as HTTP doesn't offer
such a feature), what you can do is make sure that all clients know
(via PAC or via exception lists) that any *.intranet URL must always
be accessed directly, and configure Squid and an external helper so
when a client tries to use Squid to access internal resource "foo",
the client receives a redirect telling it to go to the appropriate
foo.intranet URL.

You'd also need to put in an explicit DENY policy for "*.intranet"
URLs to avoid forwarding loops.

Kevin
Received on Mon Jun 11 2007 - 12:11:20 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT