Re: [squid-users] Solutions for transparent + proxy_auth?

From: Steve Brown <sbrown25@dont-contact.us>
Date: Tue, 21 Feb 2006 19:16:47 -0600

> In other words, you don't need to differentiate access
> per site/computer/user.

That's correct.

> Do these connections involve static IPs? src based
> ACLs would work nicely in that case.

If they had static IPs, I would have figured this out before I posted
to the list. ;-)

> The approach you have outlined should work just fine.

OK, that's what I needed to know. I believe I now understand why
interception *shouldn't* be done, but sometimes one must sacrifice a
little to get the job done.

Truthfully, the biggest problem with our current setup is that you
can't _truly_ lock user prefs in Firefox on OSX. We did some research
on locking them and did have success, but the OSX binary for Firefox
is a fully self-contained package. This means that even if we did
lock some settings, such as proxy settings, a user could simply
download a new Firefox image and run it from their desktop, thus
bypassing all previous locks. That's how we were led to the
intercepting proxy idea

> Given there isn't going to be much (if any) difference
> between workstations it shouldn't be difficult to care for.
> Another approach would be static IPs and src based
> ACLs (as mentioned above).

We toyed around with some other ideas involving DNS or some type of
automatic registration by each host, but that got ugly, quick.
Problem w/ the IP approach is that some of the ISPs don't provide
static IPs unless you pay an extra $30/month. When you're a young
company, every dime counts.

Thanks for your help.
Received on Tue Feb 21 2006 - 18:16:48 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST