That was my recommendation, as well. For better or for worse, the
folks in higher pay-grades than me don't want to go that route. They
want to do transparent proxying. So, that leads me back to the
problem of why it is that HTTP traffic gets to my Squid machine, but
nothing ever happens.
-Erik
On 11/2/06, Shawn Badger <
sbadger@cskauto.com> wrote:
> My recommendation would be to set all of the browsers to point to squid
> porxy. Then after everyone is pointed to the proxy allow only the proxy
> to use port 80 out on the firewall. This will keep the roll out smooth
> and then keep anyone with a mis-configured browser from getting out on
> the internet.
>
>
> On Wed, 2006-11-01 at 16:10 -0700, JT Moree wrote:
> > > > I went back and read thru the earlier posts. Let me make sure I
> > understand the situation completely.
> >
> > You have a network. There is a firewall. There is a separate proxy
> > server running squid and squidguard.
> >
> > If a user sets up the proxy settings in his browser to use the proxy
> > server then all traffic is properly handled by all systems and the user
> > really does get proxied. If the user goes to a blacklisted site (in
> > squidguard blacklists) he is blocked etc. etc.
> >
> > If that is all correct then the next step is that you want to STOP users
> > from getting through the firewall directly so as to force the traffic
> > through squid.
> >
> > OR you have the firewall checking with squid to allow or deny the user
> > based on squid's response--but this is less common i think.
> >
> > Once you have stopped all direct traffic going directly through the
> > firewall make sure the proxy can still get through the firewall.
> >
> > After you have stopped all direct traffic then work on transparently
> > redirecting traffic to the squid box.
> >
> > Note: i found this on the net
> > http://www.squid-cache.org/mail-archive/squid-users/200403/1003.html
> >
> > I don't know if this will help or not but it helps me to go over a
> > problem from start to finish to see if I have missed anything.
> >
> > - --
> > JT Morée
> > PC Xperience, Inc.
> > > >
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss