Re: [squid-users] privoxy

2013-03-19 Thread Glenn English

On Mar 19, 2013, at 7:12 AM, Alexandre Chappaz wrote:

> anyone ever used privoxy (http://www.privoxy.org/) in combination
> with squid? Is it any good performancewise?

I did, with Firefox' adblock on top of the two. I haven't seen a nasty web ad 
in years. And I quit using squid because I didn't need the huge cache it was 
building (I'm the only one on this system, and I didn't think the caching was 
worth the disk space). For just ad blocking, though, privoxy is a marvel -- 
it's the only ad filter on my iPad. 

I never noticed any difference in speed with just squid, just privoxy, or with 
both of them in serial.

-- 
Glenn English








Re: [squid-users] Best policy to allow only proxy surfing

2010-05-05 Thread Glenn English

On May 5, 2010, at 9:21 AM, Boniforti Flavio wrote:

> Now some clever users have discovered that they can use foreign external
> proxies to avoid filtering.
>
> What I was thinking to do, is to enable on my firewall LAN--WAN *only*
> my proxy's IP address, but the question is: how would I have to proceed,
> as the client PCs still could be set their proxy settings?!

I'm currently working on a replaceThePIXwithLinux project. What I'm hoping to 
do is:

This will be the *only* way out of the LAN. This is to be enforced with pieces 
of wire. If they can get into the WiFi next door, I don't have a solution for 
that yet.

This box will transparently proxy HTTP by intercepting port 80 (and 443??) and 
forwarding it to 3128. Squid will be running on the gateway / filter / firewall.

Aside from a few ports (SMTP, POP3, IMAP, DNS, etc. on the DMZ), the LAN won't 
be able to go anywhere. Except for me, of course; I can go anywhere...


Don't know if this is going to work, but if it does, rules similar to these may 
solve your problem. With no proxy whinage.

-- 
Glenn English
g...@slsware.com





Re: [squid-users] Best policy to allow only proxy surfing

2010-05-05 Thread Glenn English

On May 5, 2010, at 9:54 AM, Boniforti Flavio wrote:

>> Don't know if this is going to work, but if it does, rules 
>> similar to these may solve your problem. With no proxy whinage.
>
> This *is* going to work

Thanks for that. Now I know that if it doesn't, it's my implementation, not the 
design...

> I did such setups too, some years ago. The fact
> is, that similar solutions require some more intervention, because (as
> you might know) every day a new software/tool/internet application needs
> to be used (and it is FOR SURE that it HAS to be used, for working
> purposes, not for joke)... This would mean, adding rules from time to
> time...

It would indeed. One of the delights (IMHO) of iptables is local chains. My 
packet filter will have special chains for stuff. So when a new LAN to NET 
rule is needed, 

iptables -A LANtNET -p ... --dport ... -j ALLOW 

is all that's needed. Actually, that'd go into the shell script that builds the 
filter.

> Good luck, but still I confess that I *may be* switching to this your
> suggestion too! ;-)

Use default deny and break up the logic into chains (within reason). Makes 
things a lot easier to maintain. Did for me, anyway.

-- 
Glenn English
g...@slsware.com
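
The design from the two replies above (one gateway, default deny, port 80 intercepted to Squid on 3128, a local chain for LAN to NET exceptions), written as the kind of shell script that builds the filter. This is an added example, not part of the original posts and not Glenn English's own script; the interface names, the service list and the ACCEPT target are assumptions, and only the chain name LANtNET and port 3128 come from the thread.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the iptables commands.
# Set APPLY=1 (as root) to execute them instead.
# Assumed, not from the posts: interface names and the service list.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
SQUID_PORT=3128   # Squid on this gateway, port configured in intercept mode

# Permitted LAN -> NET services, one "proto port" pair per line.
# A new requirement is one more line here, then rebuild.
SERVICES="tcp 25
tcp 110
tcp 143
udp 53
tcp 53"

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

build_filter() {
    # Default deny: anything not matched below is dropped.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Transparent proxy: LAN traffic to port 80 is handed to the local Squid,
    # so an outside proxy listening on port 80 is never reached directly.
    # Port 443 is not redirected: TLS cannot be handed to a plain HTTP port.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
    ipt -A INPUT -i "$LAN_IF" -p tcp --dport "$SQUID_PORT" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

    # Local chain holding every LAN -> NET exception.
    ipt -N LANtNET
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j LANtNET
    echo "$SERVICES" | while read -r proto port; do
        ipt -A LANtNET -p "$proto" --dport "$port" -j ACCEPT
    done
    # Log then drop the rest, e.g. a client pointed at a proxy on port 8080.
    ipt -A LANtNET -j LOG --log-prefix "LANtNET-deny: "
    ipt -A LANtNET -j DROP
}

build_filter
```

Applied as written, INPUT admits only loopback, established traffic and the proxy port, so a management rule (SSH from an admin host, for instance) has to be added before running with APPLY=1 on a remote box.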





[squid-users] wedged (newbie question)

2010-04-22 Thread Glenn English

Squid started taking a very long time to supply web pages. Switching Firefox to 
'no proxy' worked, so I restarted squid. All better now (proxy back on). Do I 
need to set up a cron job to restart squid every few weeks? 

-- 
Glenn English
g...@slsware.com





Re: [squid-users] squid books?

2010-02-04 Thread Glenn English

On Feb 4, 2010, at 9:13 AM, J. Webster wrote:

> Is the O'Reilly squid book still relevant as it was written and published 6 
> years ago?

I use it. For the simple configuration at my site, it, in combination with the 
man page, has told me everything I need to know. I'm pretty sure there are 
things I don't know about, but that hasn't been a problem so far. 

I suspect the operative phrase here is simple configuration.

-- 
Glenn English
g...@slsware.com





[squid-users] OT N1

2010-01-22 Thread Glenn English

I'm trying to force a host to go through a proxy without it wanting to.

I'm one of the 3 or 4 people who bought a Google Nexus One on day 0. It's a 
reasonably delightful gadget, with one monster flaw: it isn't possible to set a 
web proxy (without significant warranty voiding). I'm doing my own DHCP and DNS 
in house, so it's going through a PIX and stuff to get to the 'Net.

Do any of you know of a way to force traffic for port 80 to go to squid on my 
LAN server (192.168.3.3)? Like routing / ACL rules in the PIX?

I know how to route or NAT an IP address, but not a port number. I don't expect 
it to go through a proxy except when it's on wifi, running with info my DHCP 
server gives it.

I've thought about having DHCP tell the N1 to use the server for a gateway (and 
do some fiddling with iptables there) instead of the PIX; and trying to get 
squid to listen on port 80. Seems like a bit of a kludge...

Google and O'Reilly haven't come up with anything useful so far.

TIA.

-- 
Glenn English
g...@slsware.com