Re: [squid-users] problems

Al - Image Hosting Services wrote:
> Hi,
>
> I seem to have created a lot of problems for myself. We are using squid
> with custom written software to filter web content. Because the server
> is in one location and my users are in other locations and because of
> the large number of hours spent helping people setup their computers to
> use the proxy, I had software written to push everything on port 80,
> 443, and 21 to the squid servers and to prevent people from changing the
> settings. This is where I ran into problems. Both https and ftp are
> filtered fine when configured in the browser, but don't work when just
> pushed to the proxy though the software. Since the software runs on the
> end users computers, it seems like I should be able to make ftp and
> https work. Does anyone have any suggestions on how to do this?
>
> Best Regards,
> Al

The problem you face is that both FTP and HTTPS are not HTTP. They
require special wrapping protocol actions to take place in order to
transfer them over HTTP.

FTP requires that the destination URL from the browser address bar be
sent unhandled to the proxy. Unless the browser is explicitly configured
to know about the proxy it will attempt to open native FTP connections
itself. To catch those you require an FTP proxy such as frox.

HTTPS requires a special CONNECT method open a tunnel through the proxy.
After which the native SSL wrappers can be sent down it. Very tricky to
do it without affecting the SSL transport but you might be able to catch
the HTTPS and do the wrapping yourself.

Or... you could use WPAD/PAC requests sent by the browsers when they
startup. That way you can send back a PAC file automatically configuring
the browsers to use the proxy.

Worst case there you might need to catch the browser WPAD requests,
which fortunately are HTTP, and maybe control DHCP.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
   Current Beta Squid 3.1.0.14