[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Changing clients to automatically find their proxy?

On Thu, 03 Jul 2008 11:35:19 +0200, Florian Reitmeir <florian@reitmeir.org> wrote:

> On Wed, 02 Jul 2008, Petter Reinholdtsen wrote:
>>[Herman Robak]
>>> If MSIE5 fails to work, it may serve the local admin an opportunity
>>> to suggest an upgrade.
>>I do not plan to add a IE5 compatibility link in Skolelinux for this
>>setup.  IE5 is seriously broken in many areas, and adding workarounds
>>to cope with them seem like a maintainence hell to me.
> What i don't understand is the effort of doing the proxy settings per
> application. why not just use a transparent proxy? squid has very good
> support for it, and for ftp there are debian packages like 'frox' which
> are able to provide an transparent ftp proxy with a squid backend.

 Let me add that transparent proxying leaves more intelligence with the 
clients, as they perform DNS resolving as usual.  Since the browsers 
apply some security constraints based on domain names, they need some 
defenses against DNS trickery(*).  When DNS resolving is delegated to 
the proxy, there is little the browser can do, and the proxy is oblivious 
about the JavaScript security model. 

*) Does Squid perform "DNS pinning", for example?

Herman Robak

Reply to: