Re: [squid-users] Transparent proxy with HTTPS on freebsd

From: Jeff Sadowski <jeff.sadowski_at_gmail.com>
Date: Mon, 4 May 2009 16:41:41 -0600

On Mon, May 4, 2009 at 3:35 PM, Gavin McCullagh <gavin.mccullagh_at_gcd.ie> wrote:
> Hi,
>
> On Mon, 04 May 2009, Matus UHLAR - fantomas wrote:
>
>> On 29.04.09 04:58, nyoman karna wrote:
>
>> > you probably may use PAC (as Amos suggested)
>> > but IMO it ruins the basic idea of using transparent proxy
>> > (which is that the user does not need to put any setting in their browser)
>>
>> the whole idea of intercepting proxy (also called transparent) is sick.
>
> Would you care to substantiate that in a bit more detail?
>

If you're blocking content that would violate rights, maybe; if you are
doing it to speed things up or blocking sites that have no place in
the current facility I cannot see how it can be claimed as sick.
I think blocking most porn from schools and work is right. Maybe even
blocking YouTube from work because of how much time is wasted.

>> WPAD is way to go - browser will autodetect the proxy, so user can log there
>> and all problems caused by intercepting connections will be gone.
>
> I've been down this road.  We (a 3rd level college) have hundreds of users
> walking on and off a campus with their laptops, mobile phones, netbooks,
> pdas, etc.  We used to have posters, docs, everything set up to tell people
> how to use the proxy.  We had a proxy.pac.  The support load was massive.
> The number of people coming into our office for help setting it up was
> huge.  The number of applications that use HTTP but don't support proxy.pac
> files is surprisingly large.  The users leave the campus and have to undo
> the proxy settings, then redo them when next on campus.
>
> It was imperative for us to be able to give completely transparent web
> access.  It's also a big requirement to have caching to reduce our
> bandwidth and give us some kind of logging.  So we have transparent
> proxying of http traffic and we simply allow https traffic out.
>
> This policy has been hugely successful.  You might argue that we should
> just allow all http and https traffic out but that is more expensive,
> slower and harder for us to keep track of (I'm not that keen on logging but
> it's necessary for a host of reasons).
>
> As it is now, the web just works for everyone.  People are far happier and
> so are we.
>
> Gavin
>
>
Received on Mon May 04 2009 - 22:41:48 MDT
