On Tuesday 06 December 2005 15:08, Benedek Frank wrote: > This is my first post, if I ask something outrageously stupid, please > forgive me. I did read the FAQ, and all other things I could think of, > and I managed to get the Proxy up and running. It works great, and > thanks for the nice application. > > I am a Windows System admin, and I figured I would use Linux for the > Proxy so that I can have a little adventure, besides all the fancy GUI > windows apps. I installed it on Debian, and I configured it, and it > reads all my inquires to the Web just fine. I have caching disabled, > this isn't why I installed the Proxy, but rather for monitoring. This is > where my question comes in. I initially wanted to disable access via the > NetScreen firewall to all users on a block of IP's, where the restricted > users would go to, so they could only browse through the proxy, > therefore they are monitored. This is all nice, just my boss would like > to know who tries to attempt File Sharing, etc. I said to him, that > Squid might only be able to monitor Web Secured Web, and FTP traffic, > but I hope I am wrong. I am here to ask the following: > > Is there any way I can have Squid take over kind of like a gateway, so > that all traffic goes through it, and passes it to the Netscreen? It it called interception mode. See: http://squid.visolve.com/squid/squid24s1/httpd_accelerator.htm http://www.squid-cache.org/Doc/FAQ/FAQ-17.html But also read: http://workaround.org/moin/SecureWebAccessWithSquid To cut it short: - you need to tell your gateway (firewall?) to forward all port 80 requests to Squid - you need to set Squid into interception mode But: - you will not be able to send anything different but port 80/HTTP traffic through Squid - Squid is not a proxy for file sharing. So you won't have any success here. - You should generally not allow direct accesses to the internet. In a moderately secure network setup you only allow accesses that come from proxies. So if somebody is successfully doing file sharing in your network you have a serious firewall misconfiguration. > If you have any ideas of what would be the greatest monitoring app I > could use, which would show me details by IP addresses, of what is being > accessed, downloaded, and by whom? Some firewalls habe built-in application proxies and can log the URLs (HTTP GET requests) which are sent through the firewall. Christoph -- ~ ~ ".signature" [Modified] 2 lines --100%-- 2,41 All
