RE: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?

That would solve this problem, but by forcing the use of a proxy, we get better control of the web traffic. It also allows us to use group policy to block access to setting the proxy for users not allowed to browse the web, without jumping through hoops required to setup authentication on the proxy server. We can't just block access to IE, because these users do need access to intranet applications. Currently there are only a couple of users that have laptops and access sites that have this problem the others are on desktops, and setting them to use the configuration script is a onetime deal. Even these users are a very small percentage probably only around 2% of all users.
Setting up a transparent proxy with authentication to stop the users not allowed internet access would have an impact on the other 98% of users who work just fine with the auto detect settings. Of course if Sun just implemented an auto detect option in the Java Runtime Environment proxy settings, all my problems would just go away.

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co

-----Original Message-----
From: Hunter Fuller [mailto:hackmiester_at_gmail.com]
Sent: Wednesday, April 15, 2009 11:25 AM
To: Dean Weimer; squid-users_at_squid-cache.org
Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?

You can't do transparent proxying here?
-hackmiester
Too short? http://five.sentenc.es/

2009/4/15 Dean Weimer <dweimer_at_orscheln.com>:
> Interesting, saw this and thought that it might solve some problems I have been having with applications that import settings from the browser, but don't work with auto detect.  I thought I would try this on Vista, of course it doesn't exist, but there is a replacement.
>
> In Vista (of course you have to run as admin):
> To Display current setting:
> netsh winhttp show proxy
> To import form IE:
> netsh winhttp import proxy source=ie
> (Does anyone know if you can use a different source?)
> To manually set it:
> netsh winhttp set myproxy:port "<local>;localsite1;localsite2;..."
> To Set back to direct:
> netsh winhttp reset proxy
>
> Also I noticed that it imports no proxy if you are set to use a script or automatically detect, the proxycfg in XP still pulls the manual configuration even after I set it to auto detect.  It was set to manual configuration the first time I ran the command, so it appears to not look at the current settings but looks at what is in the registry for the manual configuration whether or not it is currently enabled.
>
> In XP:
> To Display Current Settings:
> proxycfg -d
> To Import from IE:
> Proxycfg -u
> To Manually Set:
> Proxycfg -p myproxy:port "<local>;localsite1;localsite2;..."
>
> Looks like under my environment I will have to use the manual set options to possibly solve the issue, the main problem I have found is that Java doesn't seem to work correctly if the browser is configured for auto detect, it will work however, if the browser is set to use a specific configuration script, or a manually configured proxy.  Both of these options however do require the user to change settings if they have a laptop and try to use it outside of our network.
> Guess if this command fixes the problem I can look at writing a startup script to detect if they are on our local LAN or not and set it to direct or a manual proxy depending on the result, then push this script to clients with group policy.
>
> Thanks,
>      Dean Weimer
>      Network Administrator
>      Orscheln Management Co
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Wednesday, April 15, 2009 7:32 AM
> To: Phillip Pi
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
>
> Phillip Pi wrote:
>> Hello.
>>
>> I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2
>> machine, with its IIS, as a proxy server. I can make clients' web
>> browsers (e.g., IE and Firefox in Windows XP), go through this proxy
>> server with no problems.
>>
>> I am wondering if I can use Squid to do the same proxy for network
>> devices (e.g., onboard network). I would like to be able to set up PCs'
>> Internet access instead of web browsers.
>>
>> Thank you in advance. :)
>
> The use of Squid as HTTP proxy is limited only individual app or devices
> capabilities.
>
> On windows XP the command "proxycfg -u" IIRC is sufficient to get the
> MS-produced apps using the same settings as IE, whether they are proxy
> or not.
>
> I've heard tell of people using ActiveDirectory to push out proxy
> settings to all machines in a controlled network environment, mayhap an
> expert on that will say how if you need it.
>
> Other devices and apps you will have to check out individually and see
> what can be done.
>
> As a fallback for the really limited apps there is always interception
> at the network gateway device. Though this has a whole other set of
> problems and should only be considered as a last resort.
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>   Current Beta Squid 3.1.0.7
>
Received on Wed Apr 15 2009 - 18:19:56 MDT