On Wed, 2004-01-14 at 11:01, Timothy J. Massey wrote: > [EMAIL PROTECTED] wrote on 01/14/2004 01:23:48 PM: > > > At 10:43 AM 1/14/2004 -0500, Timothy J. Massey wrote: > > [...] > > > > If you want more details than this ... for example, if you want > the actual > > > > URLs logged, not just the IP addresses ... then a proxy server > > is the usual > > > > way to go. I seem to recall that Squid can run in a non-caching > > mode, but I > > > > do not remember the specifics. In any case, that is application- > > layer info, > > > > not normally recorded by routers and firewalls, which work at the > network > > > > and transport layers, almost entirely. > > > > > >And that's why I was considering Squid. It seems that for transparent > > >proxying, you need Squid to be compiled with certain switches. I > have yet > > >to find a LEAF Squid compiled in this way, and I don't have a LEAF > compile > > >environment. > > > > I'm not quite sure what you mean here. > > > > Squid can be set up in no-cache mode quite easily via the squid.conf > file > > ... see > > http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.20 > > for the details. > > This I understand. > > > > If you want Squid to cache invisibly ... > > Yes, I do. > > >TheSquid FAQ at > > http://www.squid-cache.org/Doc/FAQ/FAQ-17.html > > seems to say that, for a Linux system, the necessary reconfiguration > can be > > done in squid.conf (and some iptables rules, of course). > > It also needs to be compiled with "./configure --enable-linux-netfilter > ", and I haven't found a LRP version that was, as far as I can tell... > > > But in all of this, I may still be misunderstanding what you want to > > accomplish ... in particular, how thoroughly you want to conceal the > > existence of this monitoring scheme from your customers. (If you > don't want > > to conceal it at all, just run Squid as a normal proxy and tell them > they > > have to set their browsers to use it. Right?) > > No, you have it mostly right. I would love to just say, "Turn on > proxying in the browser" but the *client* doesn't want it that way. > > He wants a server that logs all (or most all: I'm not worried about > non-80 ports) web usage. He wants to see how much time employees are > spending on surfing the web for non-business reasons. And he wants it > to work without reconfiguring every client: transparently. > > Squid came to mind first, but finding an LRP module that has the proper > compile options has been difficult (impossible, really). I was really > hoping that someone knew of something more simple: something that just > scanned all port-80-bound traffic and grabbed the GET line from the > stream, for example, or similar. I guess there isn't such a system... > > Tim Massey > Transparent proxying is implemented by configuring iptables/netfilter to redirect packets to the squid server. The Squid logs will show that all requests come from the netfilter box.
In other words you can have transparent proxying or detailed monitoring, but not both. -Richard ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
