>
> i do believe a native squid transparent settings will do this. you can
> configure squid with transparency settings, configure squid with
> authentication (basic or LDAP) , set your Unix box (i will assume Linux)
> to be the default gateway, enable ip forwarding (act as a router),
> configure ipchains to trap http traffic and redirect it to your squid
> port.
>
No. He requires web authentication. Which is absolutely not possible under
interception conditions. His other requirements forbid the few auth ways
that do work (DB lookup server based checks).
>
>
> ----- Original Message ----
> From: Chris Robertson <crobertson_at_gci.net>
> To: squid-users_at_squid-cache.org
> Sent: Wednesday, April 22, 2009 7:43:59 PM
> Subject: Re: [squid-users] Auto Detect Proxy in Browser, visiting users.
>
> gavguinness wrote:
>> Hi
>>
>> I'm new to Squid. New in the sense that this time yesterday, I didn't
>> know
>> what Squid was. I knew what I wanted to achieve though, and I've
>> achieved
>> most of this today using Squid and a few helpful online guides...
>>
>> To have users promted to authenticate when they start their browser
>> (Check)
>> To log their activity in a log file (Check)
>> Not to have to install any software on the PC (Check)
>> Specifically not to use any server based DB lookup authentication
>> (check)
>>
>> The only problem is that I want all users to go through Squid, even
>> visiting
>> users. A lot of our guys are not going to want to manually enter Proxy
>> settings each time they visit a site - I want it to be automatic.
>>
>> Similarly, not every user logs into our server(s), so I can't deploy a
>> scrips or setting to the visiting computer as they simply connect to the
>> WiFi, or Cabled network point.
>>
>> So basically, just connect up to the network, go on line and BAM, they
>> have
>> to authenticate. Just like in Starbucks! (But without the coffee or
>> wifi
>> charges!)
>>
>> I looked at transparent settings, but I gather this doesn't work with
>> Authentication, so that's a no.
>>
>> Now i'm focussing on how to get the clients to auto detect the squid
>> box. But I can't fathom how that's going to work. If the machines don't
>> know
>> it's there, how can squid make itself known to them?
>>
>> Ideally (and bear in mind my lack of knowledge at this stage) I would
>> like
>> to just have my DCHP tell the clients that the squid box is the default
>> gateway and solve it that way, but again, I'm learning that the proxy
>> doesn't work that way - it's not a router, right?
>>
>> Hope that makes sense, any help appreciated. But in the meantime, I'll
>> get
>> my head back in the manual!
>>
>> Cheers
>>
>
> Look into WPAD
> (http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) or a
> captive portal like WiFiDog
> (http://en.wikipedia.org/wiki/WiFiDog_Captive_Portal) or the Squid session
> helper (check the archives).
>
> Here's the condensed version of what I have experienced with WPAD. It all
> assumes that the proxy settings have not been changed from the shipping
> default in the browsers.
>
> Using a Windows (98/2000/XP) machine and Internet Explorer, the DHCP
> option 252 is honored. DNS (wpad.domainname.com) is used in the absence
> of the DHCP option 252. Firefox (2 or 3) on a Windows (98/2000/XP)
> machine or OS X (10.4 for sure) the DHCP option 252 is ignored, DNS is
> used exclusively . Safari on Windows (98/2000/XP) or OS X ignores both
> DHCP and DNS and must be explicitly configured to use a statically defined
> PAC (http://en.wikipedia.org/wiki/Proxy_auto-config) file.
>
> My suggestion is to have a webserver assigned to
> http://wpad.yourdomain.tld that serves a PAC file when
> http://wpad.yourdomain.tld/wpad.dat OR http://wpad.yourdomain.tld/wpad.da
> is requested. This will (transparently) catch the majority of web
> browsers. For the rest, you should intercept outbound port 80 traffic and
> redirect it to a page that describes how to set their browser back to
> defaults (or how to set their browser to explicitly grab the PAC file).
>
> Chris
>
>
>
>
>
Received on Thu Apr 23 2009 - 03:19:17 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 23 2009 - 12:00:01 MDT