[PLUG] Don't know how to google for this effectively...

[AthlonRob]

On Sun, 2004-11-14 at 08:54 -0800, Darkhorse wrote:
> You're better with squid then I am then.  Have you been forced 
> to add exceptions to squid for certain sites?  I can't get my.pcc.edu
> to work through squid for example and I hear that myfamily.com has
> problems too.  Is there special patching to squid that has to be done
> for secure web pages, etc.?  If there's a way to get practically any
> site to work through squid, that would be better because it would 
> allow the use of clamav against all incoming content.

How do/did you have Squid set up?  As a transparent proxy?  As far as I
know, you can't transparently proxy HTTPS sites.  I don't fully
understand why, but I have had no luck with them.  Generally speaking,
there's no need to keep people away from HTTPS sites, though.  If it is
an issue, you can simply block HTTPS and require users to run HTTPS
through your proxy manually.

I haven't had any issues accessing PCC sites and myfamily.com popped
right up just now.

> I can't get windowsupdate to work through squid.  For obvious reasons,
> it would nice to force content from windowsupdate.com through antivirus
> prior to letting these updates install on a workstation.  I don't think
> ports 80 and 443 are the only tcp/udp ports that have to be open for
> windowsupdate.com to work.  I'm so frustrated with not being able to run
> windowsupdate.com through a filtered proxy that I've almost said no
> Windows machines on the Internet.  

How were you filtering?  WindowsUpdate will be filtered from working if
you disable the download of executable files.  It's hard to say exactly
what the issue might be, however, without knowing what you're using to
do the actual filtering.  And *are* you using Squid transparently?  It
also might be nice to see parts of your squid.conf file.

-- 
Rob                                |  If not safe,
   Jabber: athlonrob at axpr.net   |    one can never be free.