Re: [squid-users] https facebook dstdomain acl doesn't work

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 01 Mar 2012 01:47:28 +1300

On 1/03/2012 12:42 a.m., Muhammad Yousuf Khan wrote:
> Thanks, it means I have to shift it back to proxy mode. Since I am
> still using it on a testing environment it wouldn't be a hurdle for me.

"back"? Squid since version 2.6 has been able to open multiple ports
simultaneously. Several traffic modes entering one proxy is pretty
common these days.

The advised best-practice for a portal proxy installation is to layer
the modes.
  With regular forward-proxy ports available. And WPAD/PAC deployed to
the network to encourage their use as much as possible.
  Then interception as a backup method of receiving the traffic. With
NAT or TPROXY deployed to catch port 80 and maybe 443/HTTPS if your
locale can do that.
  Then firewall rules deployed to control what the proxy does not or
cannot do (for example the rules Naira mentioned).

  There are also a few other tricks like dnsmasq and a reverse-proxy
port amongst the interception tools if you get desperate.

Amos
Received on Wed Feb 29 2012 - 12:47:33 MST
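
The layering described in the message above, written out as a squid.conf fragment. This is an added example, not part of the original message or of the Squid project's documentation. The port numbers, the LAN range and the ACL names are assumptions, and the blocked domain is taken from the thread subject.

```squidconf
# Added example. Ports, LAN range and ACL names are assumptions.
# "intercept" and "tproxy" are the Squid 3.1+ http_port flags;
# Squid 2.6 to 3.0 used "transparent" for NAT interception.

# Layer 1: regular forward-proxy port, the one a WPAD/PAC file advertises.
http_port 3128

# Layer 2: interception as the backup path. Browsers are never pointed at
# these ports; only the NAT or TPROXY firewall rules deliver traffic here.
http_port 3129 intercept
http_port 3130 tproxy

acl localnet src 192.168.0.0/16       # constructed LAN range
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
acl blocked dstdomain .facebook.com   # domain from the thread subject

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# On the forward-proxy port the browser sends "CONNECT host:443", so the
# dstdomain ACL has a hostname to match even though the payload is TLS.
http_access deny blocked

http_access allow localnet
http_access deny all

# Layer 3 lives outside Squid: firewall rules cover whatever the proxy
# does not or cannot handle.
```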
