[squid-users] Centralized Squid - design and implementation
brendan kearney
bpk678 at gmail.com
Wed Nov 19 13:11:44 UTC 2014
Yes and it seems java is even more sensitive. I had an array member
defined on a line that was not terminated with a semicolon and browsers did
not throw errors, but java did. Pactester did not catch this. Missing
curly braces and I think quotes are caught.
Also of note, you have to set the content type header for a pac file or
else you run into weird issues. I found that browsers are forgiving and
will execute the script and take its output if the header is not set.
Flash does not do this. It might call for the script but does not use it
if the Content-Type header is not set to
"application/x-ns-proxy-autoconfig".
GoToMeeting has also pissed me off. The client parses the script and takes
any value found in it, before executing the script and taking the output of
the execution. This has the result of finding inappropriate proxies to use,
when you are in a corporate environment and have proxies dedicated to
client access or other functions that should not be leveraged in all
cases. I got their technical team on a call because we have a large citrix
install base (both products have the same parent company) and complained to
no avail. I had to write a doc on how to correct the client config for
anyone needing to use GoTo... products.
On Nov 19, 2014 6:18 AM, "Kinkie" <gkinkie at gmail.com> wrote:
> One word of caution: pactester uses the Firefox JavaScript engine, which
> is more forgiving than MSIE's. So while it is a very useful tool, it may
> let some errors slip through.
> On Nov 18, 2014 9:45 PM, "Jason Haar" <Jason_Haar at trimble.com> wrote:
>
>> On 19/11/14 01:39, Brendan Kearney wrote:
>> > i would suggest that if you use a pac/wpad solution, you look into
>> > pactester, which is a google summer of code project that executes pac
>> > files and provides output indicating what actions would be returned to
>> > the browser, given a URL.
>> couldn't agree more. We have it built into our QA to run before we ever
>> roll out any change to our WPAD php script (a bug in there means
>> everyone loses Internet access - so we have to be careful).
>>
>> Auto-generating a PAC script per client allows us to change behaviour
>> based on User-Agent, client IP, proxy and destination - and allows us to
>> control what web services should be DIRECT and what should be proxied.
>> There is no other way of achieving those outcomes.
>>
>> Oh yes, and now that both Chrome and Firefox support proxies over HTTPS,
>> I'm starting to ponder putting up some form of proxy on the Internet for
>> our staff to use (authenticated of course!) - WPAD makes that something
>> we could implement with no client changes - pretty cool :-)
>>
>> --
>> Cheers
>>
>> Jason Haar
>> Corporate Information Security Manager, Trimble Navigation Ltd.
>> Phone: +1 408 481 8171
>> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141119/1f958a1c/attachment.html>
More information about the squid-users
mailing list