Graham Donaldson <[EMAIL PROTECTED]> wrote at 11:37 on 2008-06-06:

> That's not my impression last time I looked at transparent proxying. The
> guides for setting up transparent proxies I have seen involve using SQUID in
> a reverse proxy mode, and then using say iptables to redirect the traffic
> from 80 to our proxy port. Besides, this is all moot, as you can't
> transparent proxy HTTPS.

I've just tested it out - for recent versions all you need to do is add the "transparent" keyword to squid's config. Other than that it's just a matter of redirecting the packets using whatever firewall/router you have in place.

You're right about HTTPS, of course, though a filtering proxy loses a lot of advantages with HTTPS, since it can only go by hostname rather than examining content, at which point you could probably achieve a similar result at the IP or DNS level.

> Once again, schools use cache appliances supported by a particular vendor.
> If their product doesn't support transparent proxying, then it doesn't
> support transparent proxying.

Fair, though that sort of inflexibility is one reason why I've come to dislike the "appliance" model of computing. Probably pretty much unavoidable in a school environment though, I suppose.

> I wouldn't call it "fixing" our config, I'd call it fixing someone else's
> mistake, because application writers, who have large audiences using proxy
> servers, can't be bothered, or are too inept to support them.

Sorry - I didn't mean to imply that your config was broken, just that it's probably easier to change a/some central points on your network(s) rather than lobbying all of the many application vendors you might encounter to add the feature to their apps, desirable though it obviously is.

A friend of mine came up with a nice approach to this sort of problem a while back which involved using an image-aware packet sniffer* at the network gateway and displaying the results on a large plasma screen in reception. Probably not appropriate in a school environment though ;-)

* http://www.ex-parrot.com/~chris/driftnet/ - fun!

S

-
Sent via the backstage.bbc.co.uk discussion group.

