Unix/Linux Go Back    


Gentoo Gentoo Linux is a versatile and fast, completely free Linux distribution geared towards developers and network professionals.

Squid 2.6STABLE1 and IE6 SP2

Gentoo


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 07-24-2006   -   Original Discussion by deckard
deckard's Unix or Linux Image
deckard deckard is offline
Registered User
 
Join Date: Jul 2002
Last Activity: 8 June 2012, 5:12 PM EDT
Location: Ohio
Posts: 135
Thanks: 0
Thanked 0 Times in 0 Posts
Squid 2.6STABLE1 and IE6 SP2

I have a very short period of time in which to set up a proxy server for about 800 Windows boxes that "have to" use IE5 or IE6. I decided to try Squid since it seems to be the most popular proxy out there and it supports SSL/https proxying. I tested quiet a few things the past few days and everything looked good. But I run Gentoo Linux as my desktop and Firefox as my browser. Today, I gained access to a Windows box to test with and I found that the proxy didn't work. When I'd point IE to my Squid proxy and then restart it, I couldn't get anywhere when I'd type in any URL (local or on the internet). So I did some Googling and found a tip that I could either set "use http 1.1 when proxying" to on in the Internet Options dialog or I could apply the latest IE patches. I tested by setting the suggested http 1.1 setting and that allowed the proxy to work. The problem I'm facing is that our Windows admin is positive there is no way to set this for all the browsers centrally. So I'm wondering if there are any changes that I can make on the proxy side to make Squid a bit more friendly to IE. Anyone else using Squid in a medium sized (500+ workstations) environment with IE5 or IE6(SP2)/?
Sponsored Links
    #2  
Old Unix and Linux 07-25-2006   -   Original Discussion by deckard
deckard's Unix or Linux Image
deckard deckard is offline
Registered User
 
Join Date: Jul 2002
Last Activity: 8 June 2012, 5:12 PM EDT
Location: Ohio
Posts: 135
Thanks: 0
Thanked 0 Times in 0 Posts
So far...

...this particular question has proven to be hard to answer. Most of my Googling has resulted in the same basic answer which is to set the IE6 browser to use http 1.1 when proxying. I also posted on a Windows list and the people there (who use Squid) recommended making that same change for Squid either by using a logon script or manually editing the appropriate key in the mandatory profile. So this is going to be a hard one to resolve for our Windows admin. There isn't really anything that can be done on the Squid side of the equation since the problem lies within the IE6 browser's implementation of http 1.0. There is supposedly a hotfix, but it's not recommended by MS and isn't included in the latest updates nor will it be in the future. The Windows admin is certain that even if we applied the hotfix (which reverts to an older DLL) that the DLL would be replaced with a newer one from the DLL Cache or overwritten by newer XP or IE updates that are automatically applied by the SUS server. So, the ONLY answer appears to be to find a way to set all proxied browsers to use http 1.1. Linux
Sponsored Links
    #3  
Old Unix and Linux 07-27-2006   -   Original Discussion by deckard
this213's Unix or Linux Image
this213 this213 is offline
Registered User
 
Join Date: Feb 2006
Last Activity: 15 April 2010, 3:09 PM EDT
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by deckard
I tested by setting the suggested http 1.1 setting and that allowed the proxy to work. The problem I'm facing is that our Windows admin is positive there is no way to set this for all the browsers centrally.
You can do exactly this from within your AD DC. Depending on the policies you currently have, you may have to create a new policy specifically for this. See http://www.mensys.nl/netop/docs/NNF_deployment.pdf for the general directions.

On a different note, I would seriously question anything I was using that only allowed me to use IE (as opposed to any other browser). Chances are, you have no real reason to even have to use Windows in a corporate environment, especially if your applications are already web-based. Since your critical applications are web based (I'm guessing due to your professed "need"), someone messed up one of the main reasons to have web-based applications to begin with. That being the ability to connect using cheaper, non-proprietary, platform independant clients.

On yet another note, if your Windows systems admin doesn't know how to apply group policies to a corporate AD domain, they either need to be replaced or trained or your whole network should be migrated to Linux (mainly for security reasons). IMO Windows doesn't belong on a corporate network to begin with, but if you're not using AD to its full potential someone in charge over there really needs to take another look at the way your infrastructure is operating. I don't mean for this to sound rude, nor am I trying to spout the "joys of open source solutions" to you. Rather, I'm giving you sound advice which may stop a future incident from crippling your infrastructure (and perhaps costing people jobs).
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Squid vs iptables = no Squid access.log? theWojtek IP Networking 0 03-11-2012 10:27 AM
Squid acls majid.merkava Emergency UNIX and Linux Support 0 04-23-2011 03:15 PM
Squid+DNS surfer24 Linux 7 12-25-2008 01:26 AM
Squid dns beardiebeardie UNIX for Dummies Questions & Answers 1 02-25-2008 02:19 AM



All times are GMT -4. The time now is 11:26 PM.