Organisations can use proxy servers for various reasons; to restrict access to certain content, to cache web pages and reduce internet traffic – whatever the reason various approaches can be used:
- Explicitly specify a proxy server in applications such as Internet Explorer
- Use Proxy auto-config
- Transparently force HTTP traffic through a proxy server
This blog post will focus on the last option, transparently routing traffic through a proxy server. There are some disadvantages to this approach:
- Authentication can’t be performed on a per-user basis as the web browser is unaware that traffic is bring sent through a proxy server
- Without having client computers trust a custom CA and performing a man-in-the-middle attack on all HTTPS traffic, SSL/TLS traffic can’t be sent through the proxy
Once implemented, this will look something like the following:
Continue reading Using Squid and Juniper PBR as a transparent proxy
I spent some time a while ago automating the backups of network device configuration to a restricted network share and thought I’d share a simple batch script to backup the configuration from multiple Juniper Netscreen (ScreenOS) firewalls.
REM CONFIGURATION INFO
REM STOP CHANGING HERE OR YOU'LL BREAK SOMETHING
for /F "tokens=1,2 delims=," %%A in (%CFGFILE%) do (
IF NOT EXIST "%DESTDIR%%TIMESTAMP%" mkdir "%DESTDIR%%TIMESTAMP%"
pscp -q -scp -pw %PASSWORD% %USERNAME%@%%B:ns_sys_config "%DESTDIR%%TIMESTAMP%\%%A.cfg"
Continue reading Automatically backup Netscreen firewall