Squid Interception Proxying Troubles
Shawn Badger
sbadger at cskauto.com
Thu Nov 2 09:02:24 MST 2006
My recommendation would be to set all of the browsers to point to squid
porxy. Then after everyone is pointed to the proxy allow only the proxy
to use port 80 out on the firewall. This will keep the roll out smooth
and then keep anyone with a mis-configured browser from getting out on
the internet.
On Wed, 2006-11-01 at 16:10 -0700, JT Moree wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I went back and read thru the earlier posts. Let me make sure I
> understand the situation completely.
>
> You have a network. There is a firewall. There is a separate proxy
> server running squid and squidguard.
>
> If a user sets up the proxy settings in his browser to use the proxy
> server then all traffic is properly handled by all systems and the user
> really does get proxied. If the user goes to a blacklisted site (in
> squidguard blacklists) he is blocked etc. etc.
>
> If that is all correct then the next step is that you want to STOP users
> from getting through the firewall directly so as to force the traffic
> through squid.
>
> OR you have the firewall checking with squid to allow or deny the user
> based on squid's response--but this is less common i think.
>
> Once you have stopped all direct traffic going directly through the
> firewall make sure the proxy can still get through the firewall.
>
> After you have stopped all direct traffic then work on transparently
> redirecting traffic to the squid box.
>
> Note: i found this on the net
> http://www.squid-cache.org/mail-archive/squid-users/200403/1003.html
>
> I don't know if this will help or not but it helps me to go over a
> problem from start to finish to see if I have missed anything.
>
> - --
> JT Morée
> PC Xperience, Inc.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFSSll1JwGi/ukQqERAjfxAJwJJek7/ZddqHGtlVOUvAfouLUaWQCfRugy
> qYNPicGB2B25cU7jc/8YL1o=
> =pvDL
> -----END PGP SIGNATURE-----
>
More information about the PLUG-discuss
mailing list