[squid-users] FW: Encrypted browser-Squid connection errors
Grant Taylor
gtaylor at tnetconsulting.net
Thu Oct 20 15:14:21 UTC 2022
On 10/19/22 11:33 PM, Rafael Akchurin wrote:
> The following line set in the Script Address box of the browser proxy
> configuration will help - no need for a PAC file for quick tests. Be
> sure to adjust the proxy name and port.
>
> data:,function FindProxyForURL(u, h){return "HTTPS proxy.example.lan:8443";}
Is it just me, or is it slightly disturbing that JavaScript in a
configurations property box is being executed?
I guess I had naively assumed that something else, ideally hardened
against malicious content, somewhere else is executing the JavaScript
retrieved from the PAC file. -- I feel like there should be a
separation of responsibilities.
> More info at https://webproxy.diladele.com/docs/network/secure_proxy/browsers/
Aside: Why the propensity of running the HTTP, HTTPS, FTP, and SOCKS
proxies on non-standard ports? Why not run them on their standard
ports; 80, 443, 21, and 1080 respectively?
I switched to using standard ports years ago to simplify configuring
HTTP proxy support in Ubuntu installers; "http://proxy.example.net/", no
need to fiddle with the port. Or if you have DNS search domains
configured, "http://proxy/" is sufficient.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20221020/ef39c353/attachment.bin>
More information about the squid-users
mailing list