Squid Proxy Autodetection in client

Hi,

I’ve setup transparent Squid proxy sucessfully and added IPtables too. When I connect from client computer (Vista) by providing proxy address and port in the browser I was able to browse the sites without any issues. But, if I remove the proxy settings in the browser I was not able to browse the sites.

Followed the link Linux: Setup a transparent proxy with Squid in three easy steps to setup transparent squid proxy.

In client i’ve added the proxy ip as gateway and DNS… I am able to ping the proxy server from the client system. I am able to browse the sites if I specify the proxy ip in the browser (port 80 and port 3128 is working fine).

But, duno why I was not able to browse the websites if I remove the proxy settings in the browser…

Any Ideas?

Different clients differ in their success of autodetection. And you have to be prepared for the possibility that some client won’t be able to and you have to set the proxy settings manually.

Normally sites use a Proxy Automatic Config file (.pac) which is a snippet of Javascript that tells the web browser where to direct requests. This simplifies the job of settting up proxies, one item instead of many, and sometimes the web browser can find it automatically if you put it on the gateway’s webserver. You can do a search for that term.

Hi Ken,

Is it not possible to make my transparent proxy auto detectable without setting up PAC? In most of the threads it has been mentioned that no need to configure the browsers if the proxy has been setup as transparent proxy. Also, as my internal network users requires access to various protocals + ports is it advisable to use the PAC for configuring the client?

No it’s not possible in all cases. What I think Windows does is guess that the gateway is running a web server and try to fetch proxy.pac. If that fails it guesses that the gateway is running a proxy and tries some common ports like 8080 and 3128. If that fails I think it goes on to guess some other hosts on the subnet. I don’t think Mozilla browsers even attempt that but I haven’t looked recently. So having a proxy.pac makes it a bit more likely but in the end it’s still a heuristic. I don’t know what Mozilla attempts.

Of course, if you are running an all Windows shop, the proxy URL is probably sent out to Windows clients. After all there has to be some benefit to tying everything together. I think the open standard way is to use mDNS to advertise the proxy service. (A guess.)

But it’s worthwhile having a proxy.pac anyway. It allows you to control the proxy config in one place without having to redo the clients.

That’s the reason interception or transparent proxying is tempting, it is supposed to be transparent. Most of the time anyway.

AjaikumarR schrieb:
> Is it not possible to make my transparent proxy auto detectable without
> setting up PAC? In most of the threads it has been mentioned that no
> need to configure the browsers if the proxy has been setup as
> transparent proxy.

There seems to be a small misconception here. If you have a transparent
proxy then there is no need to autodetect anything. Transparency means
that the clients do not even notice they are using the proxy.

So if your proxy only works when the client is configured for proxying
then it is not a transparent proxy. In other words, you must have made
a mistake in setting up the transparent proxy.

Did you follow exactly the steps described on the page you cited?
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
Did you realize that page assumes your proxy server is installed as a
router between your clients and the Internet? Is that the case?
What does your network look like, anyway?

HTH
T.


Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany