[CLUG-tech] ISA rolout at ICT

Stefano Rivera stefano at clug.org.za
Tue Dec 4 13:52:33 SAST 2007

Hi Rainer (2007.12.04_10:43:23_+0200)
> Sounds interesting - but I just installed squid and looked at the config 
> (using gadminsquid and webmin) but I a just overwhelmed by the options. 
> Is there an easy way to configure it as local only, very small (or no) 
> disc cache and sending requests through to other proxies?

I don't see the point of running a squid, if you *have* to use an
upstream ISA proxy. It won't help anything.
If you have no choice but to involve NTLM authentication (i.e. go
through the ISA proxy) then you need something like ntlmaps.

How smooth you can make it for yourself depends on the level of
administrative access (or muscle) you have:

* "Transparent" intercpting proxying is the easiest for the user. You
  redirect all outgoing web traffic from user's machines to the
  transparent proxy, instead of blocking it.
  But, this can't be combined with authentication.
* Next is to set up wpad autodetection, in the form of a
  DHCP option 252 = ""http://wpad.yourdomain.lan/wpad.dat" and a
  wpad.yourdomain.lan DNS entry pointing to a webserver containing a
  wpad file. See http://en.wikipedia.org/wiki/Wpad
  If you have wpad autodetection, then you can put your web-browser in
  "automatically detect" mode, and it should pick up the right proxy.

  Other programs won't autodetect it, though.
  You can still privately transparent proxy on your own machine.


Stefano Rivera
  H: +27 21 794 7937   C: +27 72 419 8559

More information about the clug-tech mailing list