[squid-users] Transparent Proxy / Authentication / Landing Page
Dear all, I need to implement a Proxy Solution that works as following: 1. Proxy should be implementable without any changes on the net, it should just replace the router 2. Proxy should log any traffic in a logfile with username, ip and connected site, should work for http, ftp, https. 3. Users should authenticate at the proxy before they’ll be granted any access to the internet. How ? Users are required to open the webbrowser, type in any page, be redirected to a landing page where they’re required to type in their username and password, that’s going to be checked from LDAP if correct they’ll granted internet access (that might work with mac-address ⇔ ip address ⇔ username coupling) after that combination changes the user is required to relogin. Has anyone any idea how to actually Implement that in a system ? Thanks, Markus
[squid-users] Forcing Squid 2.7 to use specific Interfaces
Some Facts: - Using Squid 2.7 on Debian Linux - Dell Machine with one internal ETH (eth0) = disabled, 2x D-Link DFE-530TX ETH Cards (Eth1, Eth2) - Squid Proxying only - Question: Hi there, regarding the following scenario: Internal Network via ETH1 (192.168.0.0/24) = Squid Server (eth0 down / eth1: 192.168.0.6 / eth2: 10.0.0.7) = Routing Network (10.0.0.0/28) via ETH2 = Router (10.0.0.1) = Internet How can I force squid to exactly use this kind of scenario. That means accept Open a Port Proxying requests from the internal network; No Port / Deny Requests from the external AND Keep this direction that traffic from or to the internet is exclusively routed thru the external interface. Any Ideas ? Thanks, Markus
[squid-users] Usage / Log analysis specifically for a user / website
Hi, heres the case: Ive implemented a squid proxy at a school which requires the users to authenticate against an LDAP Server. That means when the user enters a web-address in the browser the Proxy requires the user to authenticate himself, meanwhile squid logs everything in the background. Day by day where gathering ~ 550 MB of Access.logs a day. Fine so far Now theoretically lets say a note from the local police station arrives saying that some user watched something illegal - via the schools DSL Line - the data protection officer must be able to tell who of the users did that. How can I give that kind of functionality to that officer !? In that case he needs to analyze all logs of that year (365 Files) by means of per user analysis and per Page / Domain. So an analysis which pages the user visited when and how often from which place AND a search for which users view a certain page / domain. The Proxy itself is running Debian 6.0.3, Squid 2.7 and Webmin. Any ideas ? How to do that via a web interface ? Thanks in advance, Markus
[squid-users] Squid 2.7 Access Logging
Hi, Ive installed Squid 2.7 on a proxy server at a local school. But I still got one problem. I need squid to keep its access logs for 1 year and wishfully start of a new squid access log every day. Is that somehow possible ? Thanks in advance, Markus