[squid-users] Centralized Squid - design and implementation

Nishant Sharma codemarauder at gmail.com
Wed Nov 19 13:32:41 UTC 2014



On 19 November 2014 6:41:44 pm IST, brendan kearney <bpk678 at gmail.com> wrote:
>Yes and it seems java is even more sensitive.  I had an array member
>defined on a line that was not terminated with a semicolon and browsers
>did
>not throw errors, but java did.  Pactester did not catch this.  Missing
>curly braces and I think quotes are caught.
>
>Also of note, you have to set the content type header for a pac file or
>else you run into weird issues.  I found that browsers are forgiving
>and
>will execute the script and take its output if the header is not set.
>Flash does not do this.  It might call for the script but does not use
>it
>if the Content-Type header is not set to
>"application/x-ns-proxy-autoconfig".
>
>GoToMeeting has also pissed me off.  The client parses the script and
>takes
>any value found in it, before executing the script and taking the
>output of
>the execution. This has the result of finding inappropriate proxies to
>use,
>when you are in a corporate environment and have proxies dedicated to
>client access or other functions that should not be leveraged in all
>cases.  I got their technical team on a call because we have a large
>citrix
>install base (both products have the same parent company) and
>complained to
>no avail.  I had to write a doc on how to correct the client config for
>anyone needing to use GoTo... products.
>On Nov 19, 2014 6:18 AM, "Kinkie" <gkinkie at gmail.com> wrote:
>
>> One word of caution: pactester uses the Firefox JavaScript engine,
>which
>> is more forgiving than MSIE's. So while it is a very useful tool, it
>may
>> let some errors slip through.
>> On Nov 18, 2014 9:45 PM, "Jason Haar" <Jason_Haar at trimble.com> wrote:
>>
>>> On 19/11/14 01:39, Brendan Kearney wrote:
>>> > i would suggest that if you use a pac/wpad solution, you look into
>>> > pactester, which is a google summer of code project that executes
>pac
>>> > files and provides output indicating what actions would be
>returned to
>>> > the browser, given a URL.
>>> couldn't agree more. We have it built into our QA to run before we
>ever
>>> roll out any change to our WPAD php script (a bug in there means
>>> everyone loses Internet access - so we have to be careful).
>>>
>>> Auto-generating a PAC script per client allows us to change
>behaviour
>>> based on User-Agent, client IP, proxy and destination - and allows
>us to
>>> control what web services should be DIRECT and what should be
>proxied.
>>> There is no other way of achieving those outcomes.
>>>
>>> Oh yes, and now that both Chrome and Firefox support proxies over
>HTTPS,
>>> I'm starting to ponder putting up some form of proxy on the Internet
>for
>>> our staff to use (authenticated of course!) - WPAD makes that
>something
>>> we could implement with no client changes - pretty cool :-)
>>>
>>> --
>>> Cheers
>>>
>>> Jason Haar
>>> Corporate Information Security Manager, Trimble Navigation Ltd.
>>> Phone: +1 408 481 8171
>>> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>squid-users mailing list
>squid-users at lists.squid-cache.org
>http://lists.squid-cache.org/listinfo/squid-users

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141119/66ae62bc/attachment.html>


More information about the squid-users mailing list