RE: [squid-users] MIGHT INTEREST YOU ALL

From: Robert Adkins <raa@dont-contact.us>
Date: Fri, 3 May 2002 15:05:00 -0400

Gosh, I am really uncertain about that. I believe that SSL is much more
than simply data on a different port number. If that was the case, there
should be no problem with that.

However, I do know that it is not possible to compress SSL traffic, at
least with a compression software client/server system that I helped
support. It could be something to do with the encryption being placed
upon the SSL data. I am only speculating as I am just beginning to get
into that area of knowledge.

I believe that due to the difference between http and https data squid
and probably other proxy servers are just unable to cope with that data
without severely compromising the safety and or integrity of SSL traffic.

Your best bet might be just to leave SSL traffic alone and work out
something with the automated proxy server settings change. Sure, it will
be a bit of work, but that is always something well worth knowing.

Regards,
Robert Adkins
IT Manager/Buyer
IMPEL Industries, Inc.
Office: 586-254-5800

 -----Original Message-----
From: Kushal Lala [mailto:klala@scif.com]
Sent: Friday, May 03, 2002 11:49 AM
To: Robert Adkins
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] MIGHT INTEREST YOU ALL

   

Thanks Robert.!!
That's what we do with windows 2000..centralised control.
Can we do something with ipchains MASQUERADE for the SSL traffic.

Thanks
Kushal

 -----Original Message-----
From: Robert Adkins [mailto:raa@impelind.com]
Sent: Friday, May 03, 2002 11:25 AM
To: Kushal Lala; mailinglistsquid-users@squid-cache.org
Subject: RE: [squid-users] MIGHT INTEREST YOU ALL

A Transparent Proxy would be nice, although as far as I know, Squid is
unable to handle SSL traffic in a transparent mode. So, you would be out
of luck with that.

What you could do, to change the browser settings... Well, that would
depend on your network.

        With a Windows 2000 Active Directory network, you should be able to
change the settings for the proxy server through registry changes with
Group Policy Objects. You could also set all of the browsers to point to
a central in-house web-server that you could post Active-X controls to
that could be used to radically alter browser settings. Then, you
shouldn't have to run from desk to desk and have your support lines
filled with phones.

        For UNIX workstations, that setting should be in a text configuration
file for each and every user. In that case, a simple script could be
designed to run when a user logs into the network. This can be used to
alter the proxy server settings. Again, this should keep you from having
to run about your network and keep your support calls to a minimum.

        If you are using older MacOS systems... I am unable to help you there. I
do figure that newer MacOSX systems would be configured similar to the
UNIX workstations.

        Well, I hope that information can be of some use to you. Perhaps there
is something out there that will support a transparent proxy SSL data.

Regards,
Robert Adkins
IT Manager/Buyer
IMPEL Industries, Inc.

 -----Original Message-----
From: Kushal Lala [mailto:klala@scif.com]
Sent: Friday, May 03, 2002 11:03 AM
To: mailinglistsquid-users@squid-cache.org; squid-users@squid-cache.org;
Robert Adkins
Subject: [squid-users] MIGHT INTEREST YOU ALL :)

Hi All:

I am trying to figure out a way of implementing proxy
in our BGP network. Presently we have the proxy servers running in one
location and all the user browsers are configured to use those servers.
But eventually we want the proxy servers to run in three different
locations; cos if one site goes down the users can go out thru the other
side. But there is a hassle of manually configuring the browsers to
change
the proxy server ip :(

So guys what can be the best solution.."Transparent Proxy". But the users
could be more than 8000.

TIA
Received on Fri May 03 2002 - 13:06:16 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:54 MST