[squid-users] Centralized Squid - design and implementation

[Jason Haar]

On 19/11/14 01:39, Brendan Kearney wrote:
> i would suggest that if you use a pac/wpad solution, you look into
> pactester, which is a google summer of code project that executes pac
> files and provides output indicating what actions would be returned to
> the browser, given a URL. 
couldn't agree more. We have it built into our QA to run before we ever
roll out any change to our WPAD php script (a bug in there means
everyone loses Internet access - so we have to be careful).

Auto-generating a PAC script per client allows us to change behaviour
based on User-Agent, client IP, proxy and destination - and allows us to
control what web services should be DIRECT and what should be proxied.
There is no other way of achieving those outcomes.

Oh yes, and now that both Chrome and Firefox support proxies over HTTPS,
I'm starting to ponder putting up some form of proxy on the Internet for
our staff to use (authenticated of course!) - WPAD makes that something
we could implement with no client changes - pretty cool :-)

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1