> > i do believe a native squid transparent settings will do this. you can > configure squid with transparency settings, configure squid with > authentication (basic or LDAP) , set your Unix box (i will assume Linux) > to be the default gateway, enable ip forwarding (act as a router), > configure ipchains to trap http traffic and redirect it to your squid > port. > No. He requires web authentication. Which is absolutely not possible under interception conditions. His other requirements forbid the few auth ways that do work (DB lookup server based checks). > > > ----- Original Message ---- > From: Chris Robertson <crobertson@xxxxxxx> > To: squid-users@xxxxxxxxxxxxxxx > Sent: Wednesday, April 22, 2009 7:43:59 PM > Subject: Re: Auto Detect Proxy in Browser, visiting users. > > gavguinness wrote: >> Hi >> >> I'm new to Squid. New in the sense that this time yesterday, I didn't >> know >> what Squid was. I knew what I wanted to achieve though, and I've >> achieved >> most of this today using Squid and a few helpful online guides... >> >> To have users promted to authenticate when they start their browser >> (Check) >> To log their activity in a log file (Check) >> Not to have to install any software on the PC (Check) >> Specifically not to use any server based DB lookup authentication >> (check) >> >> The only problem is that I want all users to go through Squid, even >> visiting >> users. A lot of our guys are not going to want to manually enter Proxy >> settings each time they visit a site - I want it to be automatic. >> >> Similarly, not every user logs into our server(s), so I can't deploy a >> scrips or setting to the visiting computer as they simply connect to the >> WiFi, or Cabled network point. >> >> So basically, just connect up to the network, go on line and BAM, they >> have >> to authenticate. Just like in Starbucks! (But without the coffee or >> wifi >> charges!) >> >> I looked at transparent settings, but I gather this doesn't work with >> Authentication, so that's a no. >> >> Now i'm focussing on how to get the clients to auto detect the squid >> box. But I can't fathom how that's going to work. If the machines don't >> know >> it's there, how can squid make itself known to them? >> >> Ideally (and bear in mind my lack of knowledge at this stage) I would >> like >> to just have my DCHP tell the clients that the squid box is the default >> gateway and solve it that way, but again, I'm learning that the proxy >> doesn't work that way - it's not a router, right? >> >> Hope that makes sense, any help appreciated. But in the meantime, I'll >> get >> my head back in the manual! >> >> Cheers >> > > Look into WPAD > (http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) or a > captive portal like WiFiDog > (http://en.wikipedia.org/wiki/WiFiDog_Captive_Portal) or the Squid session > helper (check the archives). > > Here's the condensed version of what I have experienced with WPAD. It all > assumes that the proxy settings have not been changed from the shipping > default in the browsers. > > Using a Windows (98/2000/XP) machine and Internet Explorer, the DHCP > option 252 is honored. DNS (wpad.domainname.com) is used in the absence > of the DHCP option 252. Firefox (2 or 3) on a Windows (98/2000/XP) > machine or OS X (10.4 for sure) the DHCP option 252 is ignored, DNS is > used exclusively . Safari on Windows (98/2000/XP) or OS X ignores both > DHCP and DNS and must be explicitly configured to use a statically defined > PAC (http://en.wikipedia.org/wiki/Proxy_auto-config) file. > > My suggestion is to have a webserver assigned to > http://wpad.yourdomain.tld that serves a PAC file when > http://wpad.yourdomain.tld/wpad.dat OR http://wpad.yourdomain.tld/wpad.da > is requested. This will (transparently) catch the majority of web > browsers. For the rest, you should intercept outbound port 80 traffic and > redirect it to a page that describes how to set their browser back to > defaults (or how to set their browser to explicitly grab the PAC file). > > Chris > > > > >
