I'm from the other end of the spectrum. I prefer autoconfiguration files
to transparent proxies. And, interestingly, for the same reason: they're
easier to maintain and support. :-)
I suspect one's preference depends on the security policies that one has
to address: DoD, DND, MoD, etc. environments tend to be more restrictive
and autoconfiguration files seem to work better in these environments.
Merton Campbell Crockett
On Wed, 10 Mar 2004, Ted Kaczmarek wrote:
> Scary part is HTTP is such a simple protocol yet people have so many
> issues. Transparent is fool proof(assuming you do your homework), but
> implicit is definitely more robust. In Fail over situation transparent
> really starts to shine. It is very simple to originate a default route
> through a L4 redirect, with implicit the only good option is dns
> timeout. If you really a crackpot you can redirect both for fail over.
> Service and health checks are a sweet thing.
>
> I opted for transparent because the administration is fool proof and
> auth is not required.
> Just works.......
>
> I would love to hear other ideas as well if anyone if offering :-)
>
> Ted
>
>
> On Wed, 2004-03-10 at 15:19 -0800, Merton Campbell Crockett wrote:
>
> > On Wed, 10 Mar 2004, Rod Savard wrote:
> >
> > > > Configuring the client to use the proxy is a solution.
> > >
> > > I understand what you're saying, but we specifically do not want to
> > > configure the client to use a proxy and for a good reason... and not
> > > because it's difficult to configure everyone's IE to use a proxy (it's
> > > easy with Windows Group Policy).
> > >
> > > The problem is with mobile users who plug their laptops into a broadband
> > > connection at a hotel, their house, etc. If their browser is set to use
> > > a proxy for LAN connections, then they won't be able to use IE when not
> > > on our corporate LAN. Transparent proxying seems to provide a perfect
> > > workaround to this problem (besides the recent discovery that a few web
> > > pages show up "blank").
> >
> > Defining a specific proxy is not a "good" idea for the reasons that you
> > specify; however, this problem is addressed for IE users by configuring
> > the browser to use "Web proxy automatic detection". Several hotel chains
> > that I've stayed at require you to set this feature or set a specific web
> > proxy in order to access Internet web content.
-- BEGIN: vcard VERSION: 3.0 FN: Merton Campbell Crockett ORG: General Dynamics Advanced Information Systems; Intelligence and Exploitation Systems N: Crockett;Merton;Campbell EMAIL;TYPE=internet: mcc@CATO.GD-AIS.COM TEL;TYPE=work,voice,msg,pref: +1(805)497-5045 TEL;TYPE=work,fax: +1(805)497-5050 TEL;TYPE=cell,voice,msg: +1(805)377-6762 END: vcardReceived on Wed Mar 10 2004 - 23:55:22 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST