RE: [squid-users] redirection?

From: Rick Whitley <rickwh@dont-contact.us>
Date: Thu, 15 Jul 2004 14:00:18 -0500

When the user boots they get network through dhcp but nothing else.
Squid is supposed to control access to the internet and we want to limit
their network access to just the disclaimer/login site. The login at
this site will go to (probably a 2nd proxy) to do ldap_auth. That part
works. I can get authenticated/authorized but I want to be able to go to
this site because new students will not have a valid id yet.

rick...
Rom.5:8

>>> Chris Perreault <Chris.Perreault@Wiremold.com> 7/15/2004 1:45:57 PM
>>>
Determine what means you have for authenticating those users. You
previously
mentioned LDAP which is one method.

Step 3 is where things get tricky. Squid authenticates and doesn't
know,
unless using a helper, that the user is logged in elsewhere already.
Just
logging in, on the webserver, is not in itself to let authenticated
users
get to the web in your scenario. Squid will let squid-authenticated
users
pass, but needs help in knowing if they are members of some other
database
of users. Squid does not have a "logon" webpage. It will display a
basic
auth box to authenticate, which tells squid OK or ERR. Based on that
simple
yes/no the ACLs then determine what happens next.

The next important item might be knowing what type of user database
are
these users being activated within? Novell, AD, UNIX, Windows Domain,
etc.

When you ask about modifying the basic auth box....you can change the
name
of the Realm, from within the squid.conf file, but that's pretty much
it. It
is not a webpage, it's a simple box. Squid is not a webserver and a
webserver is not a gateway/proxy.

I think the best you can do is prompt everyone for a username and
password
and if they fail out they get redirected to a helpdesk type page which
outlines what to do if they lost their password, how to sign up for
access
if they have not done so yet, etc.

Are you having these users configure their proxy server, or are you
running
it in transparent mode?

Chris Perreault

-----Original Message-----
From: Rick Whitley [mailto:rickwh@dbu.edu]
Sent: Thursday, July 15, 2004 2:30 PM
To: squid-users@squid-cache.org; Chris Perreault
Subject: RE: [squid-users] redirection?

Here is the process we are trying to create.

1. User boots computer
2. opens browser (attempts to go to url)
3. Initial website displays
      Gives user option to Activate account or Login
4. New user activates account
      returns to initial page and logs in
5. Activated user logs in
6. They browse the net.

Is it possible (using more than 1 proxy server if necessary)?

When I turn on auth I get a dialog box requesting userid and passwd.
Can
that page be modified to display disclaimer/login activation or is that
more
work than its worth?

As you said Chris, just knowing that it is possible is half the
battle.
Right now I'm looking for possibilities. I need to know I'm on the
right
track or find out where the track is.

rick...
Rom.5:8

>>> Chris Perreault <Chris.Perreault@Wiremold.com> 7/15/2004 1:09:08
PM
>>>
Rick,

Logically map out what you'd like to have happen. I get stuck on this
one.
Define "initial", map all the steps out that you need to have occur.

I'm a user, and I input www.google.com into my browser. As an admin, do
you
want me to "initially" go to google or to this disclaimer page?

If the disclaimer page...ok, you can redirect www.google.com (or all
traffic) to go to the disclaimer page, but...it always will go there.
There
isn't a counter type thing that knows you already attempted google
once, so
the next time it should let really go to google.

I suppose, using the ACL's you could check against a userlist. If they
are
not in the list, then they get redirected to the signup/disclaimer
page.
This signup page/application needs to populate the "ok" userlist
quickly and
on the fly though. You need this site to always be accessable too.
Otherwise
if a user tried to reach a subpage within the disclaimer site, squid
would
again redirect them to the homepage of the disclaimer site.

I'm new at squid too, only been using it a month or so, and not in the
way
you want to use it either. Knowing something is possible is half the
battle
though, the rest is just figuring it out and making it go.

Chris Perreault
Webmaster/MCSE
The Wiremold Company
West Hartford, CT 06010
860-233-6251 ext 3426

-----Original Message-----
From: Rick Whitley [mailto:rickwh@dbu.edu]
Sent: Thursday, July 15, 2004 1:51 PM
To: squid-users@squid-cache.org
Subject: [squid-users] redirection?

I need to have all traffic on our student network display an initial
website
for disclaimers and info. Would this be done through a redirector or
is
there an acl I am unaware of?

I am using squid 2.5.stable5.

thanks

rick...
Rom.5:8
Received on Thu Jul 15 2004 - 13:00:33 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT