A solution to the Galeon situation?

George J Karabin gkarabin at pobox.com
Sat Aug 23 15:26:54 UTC 2003 

Thanks. To answer why I might need this, I'm looking into doing some
kind of wrapper library for the WPAD "protocol", which is summarized
here: http://wlug.org.nz/WPAD . I'd like to hide as much of the details
of how a proxy for a given URL is determined, so that client apps don't
have to continue solving the same problem. KDE implements this, and I'd
like to see it in GNOME or other unaffiliated apps as well.

The basic algorithm that I've seen used before is to check to see if a
URL matches a certain domain name or netmask filter for direct lookups,
and otherwise fallback to WPAD or manual proxy configuration.

I'm used to thinking of proxy servers being the only gateway between an
intranet and the internet. Now that I think about it, when I worked at a
startup back in the day, our proxy setup was similar to yours, where the
proxy was available as a caching performance booster, but you could
still bypass it.

For an intranet that uses WPAD, you'd expect it to provide a proxy
configuration file that tells the client about the kind of exceptions
that you're talking about, so it "just works".

Anyway, thanks for getting this idea into my head. Maybe the right thing
to do is to let the user supply his own proxy configuration file so he
could encode his own rules if the network admin hasn't already. I'll
give it some thought.

Regards,

- George

On Sat, 2003-08-23 at 03:37, shrek-m at gmx.de wrote:
> George J Karabin wrote:
> 
> >On Fri, 2003-08-22 at 07:51, Joel Young wrote:
> >  
> >
> >>Sometimes I need to run with two different browsers so I can have one
> >>without a proxy and the other with one.
> >>    
> >>
> i am not sure why you need this.
> 
> in mozilla, firebird, ...
> no_proxy_for:127.0.0.1,ownwebserver,.sld.tld,.other.domain
> 
> >Can you describe a scenario when you'd like to do this? Is it that you
> >want to only use the proxy for certain host names or netmasks? The
> >control center applet could be hacked to support that. Or do you need
> >some behavior that's more complex?
> >
> 
> 
> i could think about this scenario.
>   (internet_access should have only the proxy-servers)
> 
> ".microsoft.com" and other domains are denied,
> ftp and other ports are denied.
> sometimes i need access on it.
>   - i change the settings to "direct_internet_access"
>   or i change the proxy-server-address
>   from "squid-for-users" to "squid-for-admins"
>   - browse
>   - undo the settings
> ".microsoft.com" and other domains are denied again,
> ftp and other ports are denied again.
> 
> an other browser with other settings,
> why not ?
> 
> 
> 
> 
> ----snip--squid.conf----
> acl sites dstdomain "/etc/squid/sites"
> acl sites-regex urlpath_regex -i blabla
> acl sites-dstdom  dstdom_regex -i blubber
> 
> http_access deny sites
> http_access deny sites-regex
> http_access deny sites-dstdom
> 
> 
> ----snip--/etc/squid/sites----
> .microsoft.com
> .microsoft.de
> 
>

More information about the fedora-test-list mailing list