Squid Interception Proxying Troubles

Erik Bixby erik.bixby at gmail.com
Thu Nov 2 09:20:52 MST 2006 

That was my recommendation, as well.  For better or for worse, the
folks in higher pay-grades than me don't want to go that route.  They
want to do transparent proxying.  So, that leads me back to the
problem of why it is that HTTP traffic gets to my Squid machine, but
nothing ever happens.
-Erik

On 11/2/06, Shawn Badger <sbadger at cskauto.com> wrote:
> My recommendation would be to set all of the browsers to point to squid
> porxy. Then after everyone is pointed to the proxy allow only the proxy
> to use port 80 out on the firewall. This will keep the roll out smooth
> and then keep anyone with a mis-configured browser from getting out on
> the internet.
>
>
> On Wed, 2006-11-01 at 16:10 -0700, JT Moree wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I went back and read thru the earlier posts.  Let me make sure I
> > understand the situation completely.
> >
> > You have a network.  There is a firewall.  There is a separate proxy
> > server running squid and squidguard.
> >
> > If a user sets up the proxy settings in his browser to use the proxy
> > server then all traffic is properly handled by all systems and the user
> > really does get proxied.  If the user goes to a blacklisted site (in
> > squidguard blacklists) he is blocked etc. etc.
> >
> > If that is all correct then the next step is that you want to STOP users
> > from getting through the firewall directly so as to force the traffic
> > through squid.
> >
> > OR you have the firewall checking with squid to allow or deny the user
> > based on squid's response--but this is less common i think.
> >
> > Once you have stopped all direct traffic going directly through the
> > firewall make sure the proxy can still get through the firewall.
> >
> > After you have stopped all direct traffic then work on transparently
> > redirecting traffic to the squid box.
> >
> > Note: i found this on the net
> > http://www.squid-cache.org/mail-archive/squid-users/200403/1003.html
> >
> > I don't know if this will help or not but it helps me to go over a
> > problem from start to finish to see if I have missed anything.
> >
> > - --
> > JT Morée
> > PC Xperience, Inc.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.2 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFFSSll1JwGi/ukQqERAjfxAJwJJek7/ZddqHGtlVOUvAfouLUaWQCfRugy
> > qYNPicGB2B25cU7jc/8YL1o=
> > =pvDL
> > -----END PGP SIGNATURE-----
> >
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list