Re: Web-page based proxy service
On Monday 17 January 2005 12:08, Wouter Verhelst wrote:
> Are the things you want to send through the proxy delimited by the
> network they appear on? e.g., you want traffic for the 'Net to go
> through the proxy, but want to keep traffic for your local LAN as direct
> traffic? If so, then transparent proxying should work perfectly for you.

No, actually what I want to do is provide a bit of security in a hostile network environment. Let's say we have a user who wants to check his web-based email (Yahoo, Hotmail, etc.) that doesn't offer SSL, and there's a high possibility that the network is being monitored by Unfriendlies. The second problem is that said user could potentially desire to visit any website where he would be handing over passwords, credit card numbers, etc., so building a "whitelist" of servers, as some have suggested.

My attempt at a solution is to provide a secure https server that acts as a proxy; all traffic from, say, Hotmail, would be encrypted by the server before being passed on to the user, but at the user's discretion, rather than my direct intervention. However, since my bandwidth is not unlimited, and since there's no point in encrypting _everything_, I don't want everything to go through the server.

Several people have mentioned CGIProxy, which almost fits the bill, except that sites that require JavaScript can be problematic. Plus, it's horribly slow. However, in the absence of any other alternative, it's all that I've got.

:Peter

Re: suexec permissions
On Mon, 2005-01-10 at 10:48 +0100, nodata wrote:
> Good morning,
>
> I'm having some permissions trouble with suexec running on Sarge.
>
> I have a virtualhost for a user called Bob which specifies User Bob and
> Group Bob in the /etc/apache/conf.d/bob.conf file.
>
> The permissions on /var/www/bob are:
> drwx-- 2 bob bob 4096 Jan 10 10:30 cgi-bin
> drwx-- 26 bob bob 4096 Jan 10 10:30 htdocs
>
> and the permissions on /var/www/bob/htdocs/index.html are:
> drwx-- 1 bob bob 4096 Jan 10 10:30 index.html
>
> When I restart Apache, I get the following message in the Apache error log:
> [Mon Jan 10 10:35:00 2005] [notice] suEXEC mechanism enabled (wrapper:
> /usr/lib/apache/suexec)
>
> But when I try to access index.html, bob's error log shows:
>
> [Mon Jan 10 10:36:00 2005] [error] [client 10.1.1.1] (13)Permission
> denied: access to /index.html failed because search permissions are
> missing on a component of the path
>

Of course you get this. Apache is run under the www-data user, and with these permissions the www-data user can't stat any CGI in Bob's directory. You must put execute/access permission on the directory, and that is the access bit (x) for directories.

`chmod 701 /var/www/bob` and the same for any directory where apache (www-data) must enter to get files/scripts.

With this setup other users can enter his directory but can't read anything. If they try something like `ls -l` they'll get "ls: .: Permission denied"

--
v, v v
Zeljko Brajdic - Zorz

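As an added example that is not part of the original thread: the "search permissions are missing on a component of the path" error means some directory on the way to the file lacks the search (x) bit for the web server's user. The function below walks the directories under a base and prints the first one without o+x. It assumes, as in the reply, that the server user (www-data) is neither owner nor group member of those directories; the function name and the temporary tree in `demo` are constructed stand-ins for /var/www/bob.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the web server user
# falls under "other" for every directory that is checked.

# first_unsearchable BASE RELPATH
# Prints the first directory below BASE on the way to RELPATH that lacks
# the "other" search bit (o+x). Prints nothing when all of them have it.
first_unsearchable() {
    cur=$1
    rest=$(dirname "$2")
    while [ -n "$rest" ]; do
        part=${rest%%/*}                 # next path component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        cur=$cur/$part
        # -perm -001 matches only when o+x is set; a directory that does
        # not exist also produces no output and is reported.
        if [ -z "$(find "$cur" -maxdepth 0 -type d -perm -001 2>/dev/null)" ]; then
            printf '%s\n' "$cur"
            return 0
        fi
    done
}

demo() {
    t=$(mktemp -d)                       # constructed stand-in for /var/www
    mkdir -p "$t/bob/htdocs"
    : > "$t/bob/htdocs/index.html"
    chmod 700 "$t/bob" "$t/bob/htdocs"   # layout from the question
    echo "mode 700, blocked at: $(first_unsearchable "$t" bob/htdocs/index.html)"
    chmod 701 "$t/bob" "$t/bob/htdocs"   # change suggested in the reply
    echo "mode 701, blocked at: $(first_unsearchable "$t" bob/htdocs/index.html)"
    rm -rf "$t"
}

demo
```

The check covers directory search bits only; whether the server user can read the file itself is a separate permission on the file.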
Re: Web-page based proxy service
On Sun, 16-01-2005 at 06:21 +0300, Peter Clark wrote:
> On Saturday 15 January 2005 16:39, Fraser Campbell wrote:
> > If you put squid as people's default gateway then you can transparently
> > redirect all web requests through squid, if they hadn't authenticated then
> > you could have an authentication box pop up or redirect them to an
> > authentication webpage if you prefer.
> But this would require changing the user's browser settings, right?

No. Transparent proxying works 'transparent' to the user; he doesn't know that there is a proxy.

> The
> thing is, I don't want _everything_ to go through the proxy,

Are the things you want to send through the proxy delimited by the network they appear on? e.g., you want traffic for the 'Net to go through the proxy, but want to keep traffic for your local LAN as direct traffic? If so, then transparent proxying should work perfectly for you.

> which is what
> would usually happen if it was set via the browser.
> Unless I misunderstood and am mistaken about Squid's capabilities...

You did (but note that you'll need to do some iptables magic to make this possible)

--
         EARTH
     smog  |   bricks
 AIR  --  mud  --  FIRE
soda water |   tequila
         WATER
 -- with thanks to fortune