Re: [squid-users] Squid, Squidguard and Transparent Proxying

From: Marc <marc@dont-contact.us>
Date: Thu, 26 Oct 2006 10:11:52 -0800

I worked in a large school system with a computer lab where we addressed
some of these issues.

The first thing we did was implement several different logins on local
machines and deployed identd. We locked down the student login and
browser (we use Firefox and kiosk) so that students could not alter the
browser, and we set up ACLs in Squid to limit student access. We have a
PAC file set up on a server that controls the location of the proxy.
It works very well without SquidGuard or DansGuardian.

A next step would of course be to set up and authenticate via LDAP. I
think it would be easy enough to differentiate between your staff and
students either via naming convention or via actual LDAP content.

There are some ready-made solutions available if you want to import
blacklists into Squid ... I don't have the URL handy but they should
pop up pretty quick ...

Chris Robertson wrote:
> Scott Ackerman wrote:
>> I am the IT Administrator for a local charter school. I was hired
>> after an external support company was determined to no longer meet our
>> needs. The short story is that I am trying to set up an adequate
>> web-filtering solution for our school. I have already set up Squid and
>> have it configured to run as a transparent proxy, as it is my
>> understanding that this is the only way I can force the use of our
>> proxy server (the little urchins discovered last year how to change
>> proxy settings in their browser to get to open proxies and view
>> anything they want). But I am not sure how well this will integrate
>> with Squidguard as I also understand that in order for me to allow
>> teachers more access, some form of authentication with squid needs to
>> happen which won't work with a transparent proxy. Any suggestions on
>> this. I am currently running squid 2.5 on a Fedora Core 5 box with
>> Shorewall doing the redirect through netfilter.
>>
> Set Squid up to listen on two ports, and only allow authenticated
> requests on the second port. Teachers can specify the second port and
> use authentication, and you can redirect other traffic to the
> intercepting port.
>
> Specifics depend on how you have defined your ACLs and http_access rules.
>
> Chris
Received on Thu Oct 26 2006 - 12:06:44 MDT
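
The two-port layout Chris describes, written out as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread; the port numbers, address range, auth helper path and file names are assumptions, and the interception setup for the redirected port is left as already configured. Proxy authentication cannot be demanded on the intercepted port because the browser does not know it is talking to a proxy, so credentials are required only on the explicitly configured port.

```conf
# Added example; every path, port and address below is an assumption.
# Squid does not reliably accept trailing comments, so comments sit on
# their own lines.

# 3128: target of the existing netfilter redirect (intercepted traffic).
# 8080: port teachers enter by hand in their browser proxy settings.
http_port 3128
http_port 8080

# Basic auth helper and password file (assumed locations).
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/teachers.passwd
auth_param basic children 5
auth_param basic realm Staff proxy

# Assumed school address range.
acl lan src 192.168.0.0/255.255.0.0
acl intercept_port myport 3128
acl staff_port myport 8080
acl staff proxy_auth REQUIRED
# Assumed blacklist file, one domain per line.
acl blocked dstdomain "/etc/squid/blocked-domains.txt"

# http_access is first-match-wins, so order matters.
http_access deny !lan

# Explicit port: nothing passes without valid credentials.
http_access deny staff_port !staff
http_access allow staff_port

# Intercepted port: no authentication possible, blacklist applies.
http_access deny intercept_port blocked
http_access allow intercept_port

http_access deny all
```

A student who points a browser at port 8080 gets an authentication prompt rather than unfiltered access, so the teacher credentials are what separates the two policies.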
