Question

Locked

Squid web proxy

By ozric_vita ·
Anyone has experience configuring a web proxy? How helpful are they? Is it true that it does not noticeable help a company with many satellite offices other than the one it is physically located at?

Does it interfere with any HTTP service that is not a standard we page such as automatic update services?

Any information on your experience will be appreciated. Thank you.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

What do you want to achieve?

by TobiF In reply to Squid web proxy

Is your concern caching for performance or proxy as a part of a firewall solution?

Do you currently allow each office to directly walk the internet from their location, or is everything collected into one huge VPN, with a single point of "exit to internet"?

Collapse -

As a firewall solution

by ozric_vita In reply to What do you want to achie ...

TobiF,

I am concern more with proxy as part of a firewall solution.

We don't allow office to directly connect to the internet, we have two point of "exit to the internet".

Thank you for your response.

Collapse -

Yes, very, untrue, sometimes

by robo_dev In reply to Squid web proxy

Proxies are a requirement, not an option, in my opinion.

For some small schools I have setup a proxy called AllegroSurf from Rhinosoft, and I run the same product at home for the 'kids' network.

I had experimented with Squid, and although I know Linux/Unix very well, I am lazy. AllegroSurf does as much as Squid with the DansGuradian or SafeSquid add-ons, yet is configurable without hacking into conf files or having to compile anything.

I have not tried Untangle, but it does look like a really good plug-and-play open source proxy. Untangle is cool because you can add VPN, QOS, and all sorts or other stuff to it easily.

For the enterprise, WebSense is pretty much the de-facto standard. WebSense makes some 'lighter' (cheaper) products such as WebSense Express, as the enterprise products work very well, but are costly. Some people try to use Microsoft ISA, but that's never worked well, in my experience.

Proxy servers, in general, don't break things like update services, and they don't break 'normal' web pages, in general.

The only tricky part is that some web applications do not follow RFC standards, therefore a proxy will cause such a page to have issues. Typically these are only pages that do things like run java applets. For example, the kids website 'Webkinz' has a 'communicator' chat application that uses non-standard TCP ports to communicate, I had to create a firewall rule to bypass the proxy to make this one app work. When I configure a proxy, I also configure a firewall in parallel with the proxy. This way you have a back-door way of going around the proxy for devices that don't play well with the proxy (Nintendo consoles, Internet connected TVs).

Also, I learned that the Nintendo Wii console has a bug in it's HTTP implementation, such that it's connection test will not operate properly through a proxy, but I digress....

Collapse -

What about...

by ozric_vita In reply to Yes, very, untrue, someti ...

What about programs such as Eclipse, TRAC, SVN, Firefox, Flash, Ubuntu updates, Java, and other services. Have you noticed any interruption or issues.

Thank you for your input!

Back to Networks Forum
4 total posts (Page 1 of 1)  

Related Forums