I put a new squid/dansguardian in place duplicating what I had for a couple of
other networks. The proxy is configured for everyone going through one of two
groups with the ability in the 2nd group to elevate their privileges to bypass
the filter by clicking on a link in the denied page.
Has anyone successfully setup shorewall with squid in tproxy mode? I'm
having a hard time finding documentation on the shorewall side to work
with Squid... Does anyone have any? Thanks.
I've been messing around with getting my squid proxy to allow
authentication to OWA (outlook web access) and discovered something very
interesting...
If I try another site that has OWA running behind an iptables based
firewall (shorewall) I get the exact same message. This OWA is
accessible
I'm using Squid v. 3.1.0.17 on Fedora Core 12. In my search to get OWA running
I stumbled on the command:
extension_methods RPC_IN_DATA RPC_OUT_DATA
I opened up my squid.conf and found the tag extension_methods in the config
file so I uncommented it and added the RPC_IN_DATA and
Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Tuesday, June 01, 2010 6:29 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Accessing OWA or Sharepoint through Squid
3.1.0.17
On Tue, 1 Jun 2010 11:25:35 -0500, Johnson, S
sjohn...@edina.k12.mn.us
wrote:
More
I'm using Squid and Dansguardian to block and cache sites.
Everything works great but accessing OWA or Sharepoint related site with
authentication doesn't work. I get a great non-descript error in IE:
Internet Explorer cannot display the webpage. If I try using Chrome,
the login prompt just
More information based on the searches I've done...
I'm using transparent mode on the squid proxy (without auth). Well,
I've got an AUP page set up for the users to agree to but no
LDAP/AD/NTLM auth is being performed on this proxy.
However, I tried the other squid proxy with ntlm_auth and it
When I try to access a quicktime video through my squid proxy I get the
401 unauthorized error. In my searches I see that 4 years ago people
were referencing that 2.5 didn't support RTSP. Now that we're up to
3.x, is RTSP supported? If not, is there a work around to play these
videos?
Thanks
:10 AM
To: Johnson, S; squid-users@squid-cache.org
Subject: Re: [squid-users] Squid Quicktime RTPS 401 unauthorized error
In times gone buy I created an acl for the quicktime browser and
disabled authentication for the quicktime user-agent as it would
completely break on my macs.
N
On 22/04/2010
Hello,
I've got a weird issue that I've been finding off an on. I can finally
duplicate it regularly now. I'm working with a public network that
we've separated from the local network. We have web resources that are
on the external side of the squid box.
This is what our network looks like:
I've got a squid proxy running in transparent mode with an AUP on a public
wireless network which is separated from our private network. We run a local
webserver here and found that users get the AUP and cannot click past it when
attempting to get to the local web server.
Without using the
.
-Original Message-
From: Johnson, S [mailto:sjohn...@edina.k12.mn.us]
Sent: Thursday, April 08, 2010 9:50 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Squid is unable to connect to local webservers
I've got a squid proxy running in transparent mode with an AUP on a public
wireless
I'm missing something here... I had another squid/dansguardian proxy
that was set up to pass though HTTPS traffic and I as using a URL
blacklist to prevent bad site access. Unfortunately, that proxy was
lost and I'm building anew.
I have my browser set to port 3128 (squid) and when I try to
Ok, I see what you mean.
Yes, I tried the https://www.openssl.org and it worked a-ok but it's still not
showing in my squid log.
-Original Message-
From: Henrik Nordström [mailto:hen...@henriknordstrom.net]
Sent: Friday, April 02, 2010 1:29 PM
To: Johnson, S
Cc: squid-users@squid
I've got one of my squid/dansguardian boxes configured for transparent proxy
using an UAP to authorize the connection. What happens is the AUP shows, the
user clicks on the accept link (which is just a URL forward to where they were
originally going) then it drops them right back into the AUP.
Thank you!
-Original Message-
From: Henrik Nordström [mailto:hen...@henriknordstrom.net]
Sent: Thursday, April 01, 2010 3:41 PM
To: Johnson, S
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] delay on session acceptance with AUP redirection
tor 2010-04-01 klockan 15:02 -0500
Ok, I've almost got everything working right but I've run into one last issue.
I've got an AUP set for my users to accept before they go out to the internet.
This works great for all but one thing.
Any time I try to hit one of my local web servers that share the public address
range of the
Squid 3.1.0.17
Ok, I'm able to get some of this working right... Although it's not
quite what I expected for results. My config is below...
First, I think since I have myserver in the acl then the AUP page
doesn't display if the user has their home page set to
http://www.myserver.com;.
Did you look at SSLbump?
I've got a squid proxy with dansguardian working on it. Youtube.com is
blocked (blacklisted) however there are other external sites that
contain embedded video hosted on youtube that this place wants to
access. Does anyone know if I can open this functionality through Squid
and/or dansguardian?
Hmm, when I do this command all I get is a brief statistics of the
filter; no IP addresses show...
Scott
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Tuesday, January 06, 2009 11:47 PM
To: Rick Chisholm
Cc: Johnson, S; squid-users@squid-cache.org
Subject
...@treenet.co.nz]
Sent: Monday, January 05, 2009 10:18 PM
To: Johnson, S
Cc: Kinkie; Guido Serassio; squid-users@squid-cache.org
Subject: Re: [squid-users] NTLM and transparent/interception confusion
Johnson, S wrote:
Keep in mind, group policies cannot always be used as in our
environment.
We are a K-12
I'm using NTLM_AUTH for my authentication mechanism, but if I run
smbstatus I do not see anyone connected (and I know I am). Is there
another tool to see who is connected to my server or at least their IP
address? (I know I could dig through logs... but I just want a quick
snapshot of who is
allowed me a
lot of flexibility to add in multiple proxies with ease (and the users
would never know the difference).
sj
-Original Message-
From: Kinkie [mailto:gkin...@gmail.com]
Sent: Saturday, January 03, 2009 12:51 PM
To: Guido Serassio
Cc: Johnson, S; squid-users@squid-cache.org
Subject
That's too bad... I've set up numerous Bluecoat proxies and they do
have this capability. But of course, you're paying about $50k usd /
box.
-Original Message-
From: Guido Serassio [mailto:guido.seras...@acmeconsulting.it]
Sent: Thursday, January 01, 2009 4:00 AM
To: Johnson, S; squid
I've got the proxy work great with setting the browser configuration.
Now I'm trying to get the transparent piece working so I added the
http_port 3128 transparent and set the IPTABLES rule to route the
packets from 80 to 3128. I can see that this piece is working as it's
logging my attempts in
I've been doing a lot of reading on this... I've got the proxy working
in either of these two modes:
1) As a browser configuration proxy
2) with http_port 3128 transparent, in redirected mode
I've got NTLM authentication working just fine with #1 above. However,
with #2 I never get a password
Since this is going to be a public network, people will have the
ability to load wireshark or another sniffer program.
I just got the squid_ldap_auth working ok on my segment but when
watching the protocol analyzer I see that the auth requests against the
AD are coming in as clear text
Ok, I think I got my issue narrowed down to the encryption that is being
used to authenticate to my Microsoft IAS radius server. I'm getting an
invalid auth type in the error on the server. Does anyone know what
type of encryption is used on for this connection and/or how to
configure squid to
Ok, I scrapped the radius authentication and went back to NTLM. Is it
possible to check for a group membership during/after authentication to
allow a user to use SQUID? For instance, I want to be able to take away
or grant access to the proxy based on an AD group membership.
Thanks
Scott
I'm trying to get the squid_radius_auth working and have tried to manually
connect to my Microsoft radius server. I cannot get an ok for a response when
manually testing the connection. Although, I can see the attempts in my
Microsoft radius server log so I know I'm hitting it. I have a
I'm working on getting this working but I'm unclear on the hardware placement
for each of the devices.
Is it:
A)
Workstation-Cisco-Squid--internet
(WCCP) (NAT)
B)
Workstation-Cisco (WCCP)
|
I've been digging around while working on this and found a reference from
someone 4 years ago that said that transparent proxy does not work with
authentication. Is this true? I need to perform the following tasks:
1) Authenticate users against a windows AD
2) Transparent proxy (without the
Does anyone know of a good HowTo on running WCCP and Squid together?
(Specifically running WCCP on the linux box itself and not a Cisco
router.)
Thanks
Scott
I've been digging around for an answer on this and am trying to figure out the
best layout for attempting a WCCP2/Squid transparent proxy.
I've done several installs of Cisco WCCP2 using Bluecoat's proxy, but this
would be a much cheaper method.
The hardware layout of Bluecoat was like the
Anyone have recommendations for a URL filtering list through squid?
Regards,
Scott
36 matches
Mail list logo