Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
Phillip Pi wrote: Question about this proxycfg.exe in XP: Does this work for all Internet program? I can get it to work with IE (v6-v7) and CDBurnerXP (to download its update for the program), but not Firefox. I read that the program has to know winHTTP. Am I understanding this correctly? If so, then how do I know which programs support that to do proxy? The command is born from the fact that MS use more than one 'web access' DLL API for their web backend(s) in Windows XP. IE sets the config for one of the DLL, certain apps (WU amongst them) use the other library. The command syncs the settings used by both DLL, nothing more. So the result is that various MS software are 'fixed' and start working again with a proxy or after a proxy config is changed. But most non-MS software is not affected. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7
Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
On Thu, Apr 16, 2009 at 10:38:44PM +1200, Amos Jeffries wrote: Phillip Pi wrote: Question about this proxycfg.exe in XP: Does this work for all Internet program? I can get it to work with IE (v6-v7) and CDBurnerXP (to download its update for the program), but not Firefox. I read that the program has to know winHTTP. Am I understanding this correctly? If so, then how do I know which programs support that to do proxy? The command is born from the fact that MS use more than one 'web access' DLL API for their web backend(s) in Windows XP. IE sets the config for one of the DLL, certain apps (WU amongst them) use the other library. The command syncs the settings used by both DLL, nothing more. So the result is that various MS software are 'fixed' and start working again with a proxy or after a proxy config is changed. But most non-MS software is not affected. Thanks. Is there a list of non-MS programs that use this? It seems like it is WinHTTP API?
Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
Phillip Pi wrote: On Thu, Apr 16, 2009 at 10:38:44PM +1200, Amos Jeffries wrote: Phillip Pi wrote: Question about this proxycfg.exe in XP: Does this work for all Internet program? I can get it to work with IE (v6-v7) and CDBurnerXP (to download its update for the program), but not Firefox. I read that the program has to know winHTTP. Am I understanding this correctly? If so, then how do I know which programs support that to do proxy? The command is born from the fact that MS use more than one 'web access' DLL API for their web backend(s) in Windows XP. IE sets the config for one of the DLL, certain apps (WU amongst them) use the other library. The command syncs the settings used by both DLL, nothing more. So the result is that various MS software are 'fixed' and start working again with a proxy or after a proxy config is changed. But most non-MS software is not affected. Thanks. Is there a list of non-MS programs that use this? It seems like it is WinHTTP API? I've never seen a full list. My experience has been that it fixes issues in: Windows Update Microsoft Update early IIS (the ones that could run on 'Home' edition) Microsoft Office (including some parts the plugin Outlook) MSN Explorer Live Messenger (not 'Window Live Messenger' the older one.) Though, some of those apps (namely outlook, and Messenger) are able to do certain web requests without it, and require it for others. They only appear partly broken until its done. And it only is of use on Windows XP. I've just lost the link right now, but there were other (netsh based) methods someone posted this week for Vista and Windows 7. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7
Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
Phillip Pi wrote: Hello. I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2 machine, with its IIS, as a proxy server. I can make clients' web browsers (e.g., IE and Firefox in Windows XP), go through this proxy server with no problems. I am wondering if I can use Squid to do the same proxy for network devices (e.g., onboard network). I would like to be able to set up PCs' Internet access instead of web browsers. Thank you in advance. :) The use of Squid as HTTP proxy is limited only individual app or devices capabilities. On windows XP the command proxycfg -u IIRC is sufficient to get the MS-produced apps using the same settings as IE, whether they are proxy or not. I've heard tell of people using ActiveDirectory to push out proxy settings to all machines in a controlled network environment, mayhap an expert on that will say how if you need it. Other devices and apps you will have to check out individually and see what can be done. As a fallback for the really limited apps there is always interception at the network gateway device. Though this has a whole other set of problems and should only be considered as a last resort. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7
Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
Thanks. So Squid cannot do what I am looking for and is only for http. I will check out proxycfg.exe command. This is a new one to me. I hope Vista and Windows 7 have it too. On Thu, Apr 16, 2009 at 12:32:15AM +1200, Amos Jeffries wrote: I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2 machine, with its IIS, as a proxy server. I can make clients' web browsers (e.g., IE and Firefox in Windows XP), go through this proxy server with no problems. I am wondering if I can use Squid to do the same proxy for network devices (e.g., onboard network). I would like to be able to set up PCs' Internet access instead of web browsers. Thank you in advance. :) The use of Squid as HTTP proxy is limited only individual app or devices capabilities. On windows XP the command proxycfg -u IIRC is sufficient to get the MS-produced apps using the same settings as IE, whether they are proxy or not. I've heard tell of people using ActiveDirectory to push out proxy settings to all machines in a controlled network environment, mayhap an expert on that will say how if you need it. Other devices and apps you will have to check out individually and see what can be done. As a fallback for the really limited apps there is always interception at the network gateway device. Though this has a whole other set of problems and should only be considered as a last resort.
RE: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
Interesting, saw this and thought that it might solve some problems I have been having with applications that import settings from the browser, but don't work with auto detect. I thought I would try this on Vista, of course it doesn't exist, but there is a replacement. In Vista (of course you have to run as admin): To Display current setting: netsh winhttp show proxy To import form IE: netsh winhttp import proxy source=ie (Does anyone know if you can use a different source?) To manually set it: netsh winhttp set myproxy:port local;localsite1;localsite2;... To Set back to direct: netsh winhttp reset proxy Also I noticed that it imports no proxy if you are set to use a script or automatically detect, the proxycfg in XP still pulls the manual configuration even after I set it to auto detect. It was set to manual configuration the first time I ran the command, so it appears to not look at the current settings but looks at what is in the registry for the manual configuration whether or not it is currently enabled. In XP: To Display Current Settings: proxycfg -d To Import from IE: Proxycfg -u To Manually Set: Proxycfg -p myproxy:port local;localsite1;localsite2;... Looks like under my environment I will have to use the manual set options to possibly solve the issue, the main problem I have found is that Java doesn't seem to work correctly if the browser is configured for auto detect, it will work however, if the browser is set to use a specific configuration script, or a manually configured proxy. Both of these options however do require the user to change settings if they have a laptop and try to use it outside of our network. Guess if this command fixes the problem I can look at writing a startup script to detect if they are on our local LAN or not and set it to direct or a manual proxy depending on the result, then push this script to clients with group policy. Thanks, Dean Weimer Network Administrator Orscheln Management Co -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, April 15, 2009 7:32 AM To: Phillip Pi Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'? Phillip Pi wrote: Hello. I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2 machine, with its IIS, as a proxy server. I can make clients' web browsers (e.g., IE and Firefox in Windows XP), go through this proxy server with no problems. I am wondering if I can use Squid to do the same proxy for network devices (e.g., onboard network). I would like to be able to set up PCs' Internet access instead of web browsers. Thank you in advance. :) The use of Squid as HTTP proxy is limited only individual app or devices capabilities. On windows XP the command proxycfg -u IIRC is sufficient to get the MS-produced apps using the same settings as IE, whether they are proxy or not. I've heard tell of people using ActiveDirectory to push out proxy settings to all machines in a controlled network environment, mayhap an expert on that will say how if you need it. Other devices and apps you will have to check out individually and see what can be done. As a fallback for the really limited apps there is always interception at the network gateway device. Though this has a whole other set of problems and should only be considered as a last resort. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7
Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
You can't do transparent proxying here? -hackmiester Too short? http://five.sentenc.es/ 2009/4/15 Dean Weimer dwei...@orscheln.com: Interesting, saw this and thought that it might solve some problems I have been having with applications that import settings from the browser, but don't work with auto detect. I thought I would try this on Vista, of course it doesn't exist, but there is a replacement. In Vista (of course you have to run as admin): To Display current setting: netsh winhttp show proxy To import form IE: netsh winhttp import proxy source=ie (Does anyone know if you can use a different source?) To manually set it: netsh winhttp set myproxy:port local;localsite1;localsite2;... To Set back to direct: netsh winhttp reset proxy Also I noticed that it imports no proxy if you are set to use a script or automatically detect, the proxycfg in XP still pulls the manual configuration even after I set it to auto detect. It was set to manual configuration the first time I ran the command, so it appears to not look at the current settings but looks at what is in the registry for the manual configuration whether or not it is currently enabled. In XP: To Display Current Settings: proxycfg -d To Import from IE: Proxycfg -u To Manually Set: Proxycfg -p myproxy:port local;localsite1;localsite2;... Looks like under my environment I will have to use the manual set options to possibly solve the issue, the main problem I have found is that Java doesn't seem to work correctly if the browser is configured for auto detect, it will work however, if the browser is set to use a specific configuration script, or a manually configured proxy. Both of these options however do require the user to change settings if they have a laptop and try to use it outside of our network. Guess if this command fixes the problem I can look at writing a startup script to detect if they are on our local LAN or not and set it to direct or a manual proxy depending on the result, then push this script to clients with group policy. Thanks, Dean Weimer Network Administrator Orscheln Management Co -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, April 15, 2009 7:32 AM To: Phillip Pi Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'? Phillip Pi wrote: Hello. I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2 machine, with its IIS, as a proxy server. I can make clients' web browsers (e.g., IE and Firefox in Windows XP), go through this proxy server with no problems. I am wondering if I can use Squid to do the same proxy for network devices (e.g., onboard network). I would like to be able to set up PCs' Internet access instead of web browsers. Thank you in advance. :) The use of Squid as HTTP proxy is limited only individual app or devices capabilities. On windows XP the command proxycfg -u IIRC is sufficient to get the MS-produced apps using the same settings as IE, whether they are proxy or not. I've heard tell of people using ActiveDirectory to push out proxy settings to all machines in a controlled network environment, mayhap an expert on that will say how if you need it. Other devices and apps you will have to check out individually and see what can be done. As a fallback for the really limited apps there is always interception at the network gateway device. Though this has a whole other set of problems and should only be considered as a last resort. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7
Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2 machine, with its IIS, as a proxy server. I can make clients' web browsers (e.g., IE and Firefox in Windows XP), go through this proxy server with no problems. I am wondering if I can use Squid to do the same proxy for network devices (e.g., onboard network). I would like to be able to set up PCs' Internet access instead of web browsers. The use of Squid as HTTP proxy is limited only individual app or devices capabilities. On windows XP the command proxycfg -u IIRC is sufficient to get the MS-produced apps using the same settings as IE, whether they are proxy or not. OK, I think this is perfect after trying it in a Dell OEM Windows XP Home SP2. Is this a common method for Windows' proxy setups? -- In an ant colony, dew is a flood. --Afghan /\___/\ / /\ /\ \ Phil/Ant @ http://antfarm.ma.cx (Personal Web Site) | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net \ _ / E-mail: phi...@earthlink.net or a...@zimage.com ( )
RE: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
That would solve this problem, but by forcing the use of a proxy, we get better control of the web traffic. It also allows us to use group policy to block access to setting the proxy for users not allowed to browse the web, without jumping through hoops required to setup authentication on the proxy server. We can't just block access to IE, because these users do need access to intranet applications. Currently there are only a couple of users that have laptops and access sites that have this problem the others are on desktops, and setting them to use the configuration script is a onetime deal. Even these users are a very small percentage probably only around 2% of all users. Setting up a transparent proxy with authentication to stop the users not allowed internet access would have an impact on the other 98% of users who work just fine with the auto detect settings. Of course if Sun just implemented an auto detect option in the Java Runtime Environment proxy settings, all my problems would just go away. Thanks, Dean Weimer Network Administrator Orscheln Management Co -Original Message- From: Hunter Fuller [mailto:hackmies...@gmail.com] Sent: Wednesday, April 15, 2009 11:25 AM To: Dean Weimer; squid-users@squid-cache.org Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'? You can't do transparent proxying here? -hackmiester Too short? http://five.sentenc.es/ 2009/4/15 Dean Weimer dwei...@orscheln.com: Interesting, saw this and thought that it might solve some problems I have been having with applications that import settings from the browser, but don't work with auto detect. I thought I would try this on Vista, of course it doesn't exist, but there is a replacement. In Vista (of course you have to run as admin): To Display current setting: netsh winhttp show proxy To import form IE: netsh winhttp import proxy source=ie (Does anyone know if you can use a different source?) To manually set it: netsh winhttp set myproxy:port local;localsite1;localsite2;... To Set back to direct: netsh winhttp reset proxy Also I noticed that it imports no proxy if you are set to use a script or automatically detect, the proxycfg in XP still pulls the manual configuration even after I set it to auto detect. It was set to manual configuration the first time I ran the command, so it appears to not look at the current settings but looks at what is in the registry for the manual configuration whether or not it is currently enabled. In XP: To Display Current Settings: proxycfg -d To Import from IE: Proxycfg -u To Manually Set: Proxycfg -p myproxy:port local;localsite1;localsite2;... Looks like under my environment I will have to use the manual set options to possibly solve the issue, the main problem I have found is that Java doesn't seem to work correctly if the browser is configured for auto detect, it will work however, if the browser is set to use a specific configuration script, or a manually configured proxy. Both of these options however do require the user to change settings if they have a laptop and try to use it outside of our network. Guess if this command fixes the problem I can look at writing a startup script to detect if they are on our local LAN or not and set it to direct or a manual proxy depending on the result, then push this script to clients with group policy. Thanks, Dean Weimer Network Administrator Orscheln Management Co -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, April 15, 2009 7:32 AM To: Phillip Pi Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'? Phillip Pi wrote: Hello. I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2 machine, with its IIS, as a proxy server. I can make clients' web browsers (e.g., IE and Firefox in Windows XP), go through this proxy server with no problems. I am wondering if I can use Squid to do the same proxy for network devices (e.g., onboard network). I would like to be able to set up PCs' Internet access instead of web browsers. Thank you in advance. :) The use of Squid as HTTP proxy is limited only individual app or devices capabilities. On windows XP the command proxycfg -u IIRC is sufficient to get the MS-produced apps using the same settings as IE, whether they are proxy or not. I've heard tell of people using ActiveDirectory to push out proxy settings to all machines in a controlled network environment, mayhap an expert on that will say how if you need it. Other devices and apps you will have to check out individually and see what can be done. As a fallback for the really limited apps there is always interception at the network gateway device. Though this has a whole other set of
RE: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
That would solve this problem, but by forcing the use of a proxy, we get better control of the web traffic. It also allows us to use group policy to block access to setting the proxy for users not allowed to browse the web, without jumping through hoops required to setup authentication on the proxy server. We can't just block access to IE, because these users do need access to intranet applications. Currently there are only a couple of users that have laptops and access sites that have this problem the others are on desktops, and setting them to use the configuration script is a onetime deal. Even these users are a very small percentage probably only around 2% of all users. Setting up a transparent proxy with authentication to stop the users not allowed internet access would have an impact on the other 98% of users who work just fine with the auto detect settings. Overlooking the fact you can't do www auth on transparent proxies. You can do IP-validation and such authorizations only. Of course if Sun just implemented an auto detect option in the Java Runtime Environment proxy settings, all my problems would just go away. :) Amos Thanks, Dean Weimer Network Administrator Orscheln Management Co -Original Message- From: Hunter Fuller [mailto:hackmies...@gmail.com] Sent: Wednesday, April 15, 2009 11:25 AM To: Dean Weimer; squid-users@squid-cache.org Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'? You can't do transparent proxying here? -hackmiester Too short? http://five.sentenc.es/ 2009/4/15 Dean Weimer dwei...@orscheln.com: Interesting, saw this and thought that it might solve some problems I have been having with applications that import settings from the browser, but don't work with auto detect. I thought I would try this on Vista, of course it doesn't exist, but there is a replacement. In Vista (of course you have to run as admin): To Display current setting: netsh winhttp show proxy To import form IE: netsh winhttp import proxy source=ie (Does anyone know if you can use a different source?) To manually set it: netsh winhttp set myproxy:port local;localsite1;localsite2;... To Set back to direct: netsh winhttp reset proxy Also I noticed that it imports no proxy if you are set to use a script or automatically detect, the proxycfg in XP still pulls the manual configuration even after I set it to auto detect. It was set to manual configuration the first time I ran the command, so it appears to not look at the current settings but looks at what is in the registry for the manual configuration whether or not it is currently enabled. In XP: To Display Current Settings: proxycfg -d To Import from IE: Proxycfg -u To Manually Set: Proxycfg -p myproxy:port local;localsite1;localsite2;... Looks like under my environment I will have to use the manual set options to possibly solve the issue, the main problem I have found is that Java doesn't seem to work correctly if the browser is configured for auto detect, it will work however, if the browser is set to use a specific configuration script, or a manually configured proxy. Both of these options however do require the user to change settings if they have a laptop and try to use it outside of our network. Guess if this command fixes the problem I can look at writing a startup script to detect if they are on our local LAN or not and set it to direct or a manual proxy depending on the result, then push this script to clients with group policy. Thanks, Dean Weimer Network Administrator Orscheln Management Co -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, April 15, 2009 7:32 AM To: Phillip Pi Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'? Phillip Pi wrote: Hello. I got Squid v2.7 stable 6 installed and working in a Windows XP Pro. SP2 machine, with its IIS, as a proxy server. I can make clients' web browsers (e.g., IE and Firefox in Windows XP), go through this proxy server with no problems. I am wondering if I can use Squid to do the same proxy for network devices (e.g., onboard network). I would like to be able to set up PCs' Internet access instead of web browsers. Thank you in advance. :) The use of Squid as HTTP proxy is limited only individual app or devices capabilities. On windows XP the command proxycfg -u IIRC is sufficient to get the MS-produced apps using the same settings as IE, whether they are proxy or not. I've heard tell of people using ActiveDirectory to push out proxy settings to all machines in a controlled network environment, mayhap an expert on that will say how if you need it. Other devices and apps you will have to check out individually and see what can be done. As a
Re: [squid-users] Using Squid as a proxy to change network devices' properties instead of web broswers'?
Question about this proxycfg.exe in XP: Does this work for all Internet program? I can get it to work with IE (v6-v7) and CDBurnerXP (to download its update for the program), but not Firefox. I read that the program has to know winHTTP. Am I understanding this correctly? If so, then how do I know which programs support that to do proxy? -- In an ant colony, dew is a flood. --Afghan /\___/\ / /\ /\ \ Phil/Ant @ http://antfarm.ma.cx (Personal Web Site) | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net \ _ / E-mail: phi...@earthlink.net or a...@zimage.com ( )