The point is that in your case Squid *won't* work using interception caching unless the browser is set to use a proxy explicitly. So if users disable the proxy in their browser and try to go direct all of the time, the request is still redirected to squid, which is not configured for transparent proxying and so get confused. The result is an error page on the users browser until the put the proxy setting back.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jay Turner Sent: Wednesday, May 15, 2002 11:21 PM To: Morris Maynard; [EMAIL PROTECTED] Subject: RE: Win98 Browser Proxy Thanks Morris, I don't understand how Squid will work using interception caching (which is essentially what ipchains will be doing, intercepting the web request and redirecting it to squid) if it is not configured as a transparent proxy. I was under the impression that for interception caching to work squid HAD to be in transparent mode. That aside, I have found a registry key solution (two actually) to my problem that allows me to disable the ability for the user to change either their proxy setting only or to not be able to change anything under Internet Options. For Proxy only check out: http://www.mydesktophelp.com/tips/ie18.htm for all Internet Options check out: http://tln.lib.mi.us/~amutch/pro/ie/restrictions.htm So far I have only tested it on IE5.5 on Windows 98, but it works a treat. Cheers Jay -----Original Message----- From: Morris Maynard [mailto:[EMAIL PROTECTED]] Sent: Thursday, 16 May 2002 11:10 AM To: Jay Turner; [EMAIL PROTECTED] Subject: RE: Win98 Browser Proxy If you set the server firewall redirection up with an ipchains or iptables rule as you would for transparent proxying, then the clients are forced to use the proxy even if it's not transparent. AS someone else has already noted, you can use the IE admin kit to set up a system policy which will enforce the proxy on setting. This simplfies administration of your clients. If possible, you should have the policy select the autodiscovery method. This is where the option for "automatically detect settings" is checked, and you have a wpad CNAME entry in your DNS server which points to a Web server with wpad.dat in its web root folder. The wpad.dat file is a javascript which you can tune for your needs. In its simplest form, you return the proxy address for URLs outside of your network, and DIRECT for URLs inside. I'm sorry for this generic explanation; if you look for wpad and/or autodiscovery on MSDN you'll find the complete story. For Netscape there is a similar mechanism which uses proxy.pac. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jay Turner Sent: Wednesday, May 15, 2002 9:06 PM To: [EMAIL PROTECTED] Subject: Win98 Browser Proxy Hi All, We have a number of clients using SquidGuard to access the net. My question is, is there an easy way to prevent them from switching off the browser proxy setting in Win98.
