You are beginning to discover just how bizarre and broken the idea of a 'transparent' http proxy really is. It's not actually possible to have a truly transparent one that isn't somehow broken (although it is sometimes possible to have one that is broken only in ways you don't care about, and there's insufficient information to determine whether this applies in your case). However...
On Mon, Dec 03, 2007 at 02:31:28PM +1100, James Gray wrote: > Obviously there is the option to tell browsers to use the proxy > manually, and that will avoid the problem. However, that is a > work-around, not a solution in our situation. > > So my question to the list is whether or not there is a better way > to do this (WCCP with Shorewall and Squid maybe)? Deploy WPAD, via both DHCP and DNS (because Firefox and IE cannot agree on how to handle it), to automatically deliver the explicit proxy configuration to the browsers. Firefox users may have to enable "auto-detect proxy settings for this network" in their preferences, defaults vary. IE always has it enabled by default. I don't know the macosx defaults offhand. Basically it consists of a well-known DNS name and a DHCP option that both point to a pac file on a local http server. The rest proceeds as if you'd fed that pac file to the browser directly. It's not strictly transparent, but it is zero-configuration on the client, which is the usual objective. ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
