Re: Changing clients to automatically find their proxy?
On Thu, 03 Jul 2008 11:35:19 +0200, Florian Reitmeir <firstname.lastname@example.org> wrote:
> On Wed, 02 Jul 2008, Petter Reinholdtsen wrote:
>>> If MSIE5 fails to work, it may serve the local admin an opportunity
>>> to suggest an upgrade.
>>I do not plan to add a IE5 compatibility link in Skolelinux for this
>>setup. IE5 is seriously broken in many areas, and adding workarounds
>>to cope with them seem like a maintainence hell to me.
> What i don't understand is the effort of doing the proxy settings per
> application. why not just use a transparent proxy? squid has very good
> support for it, and for ftp there are debian packages like 'frox' which
> are able to provide an transparent ftp proxy with a squid backend.
Let me add that transparent proxying leaves more intelligence with the
clients, as they perform DNS resolving as usual. Since the browsers
apply some security constraints based on domain names, they need some
defenses against DNS trickery(*). When DNS resolving is delegated to
the proxy, there is little the browser can do, and the proxy is oblivious
*) Does Squid perform "DNS pinning", for example?