What you do to accomplish this is to transparently intercept the
connections, but instead of redirecting the connections to Squid you
redirect them to a simple web server (for example Apache) which no
matter what request it received sends a browser redirect sending the
user to another internal web server giving these instructions.
The following trivial shell script based web server run from (x)inetd
even does the trick, but I'd recommend using a better web serer:
-- cut here --
#!/bin/sh
cat <<EOF
HTTP/1.0 302 Found
Location: http://www.your.domain/howto_setup_proxy.html
Content-Type: text/html
You need to configure your proxy settings. See
http://www.your.domain/howto_setup_proxy.html
for detailed instructions
EOF
sleep 1
-- cut here --
Regards
Henrik
Fabien Salvi wrote:
>
> Hello,
>
> I've made some tests with transparent proxy which work fine.
> But, I would like to do something a bit special.
>
> * Actually, when a user is trying to access the Internet, he can't if
> not using our proxy server
>
> => I could just setup the transparent proxy and he could access without
> knowing he's using a transparent proxy.
> It would work fine.
>
> But, I don't want users to not making the good proxy configuration for
> security and other personal reasons including the drawback of
> transparent proxy (it doesn't work for SSL and FTP).
>
> What I would like, is to alert the user that he must use a proxy by
> giving him the good parameters and a link to a documentation.
>
> Is it possible with squid or maybe I should use another tool ?
>
> I try with simple redirect with iptables (it's under linux), but of
> course, it won't work because the reply from a web server (like apache)
> does'nt use the correct IP source address and the client drop the packets...
>
> Does anyone have a suggestion ?
>
> Thanks in advance for your help !
>
> --
> Fabien SALVI Centre de Ressources Informatiques
> Archamps, France -- http://www.cri74.org
> PingOO GNU/linux distribution : http://www.pingoo.org
Received on Mon Feb 24 2003 - 14:20:10 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:35 MST