On 08/01/11 04:01, mpnordland wrote:
> On 01/06/2011 11:27 PM, Amos Jeffries wrote:
>> On 07/01/11 15:54, mpnordland wrote:
>>> The tricky thing is that this is all on one computer, squid is a
>>> proxy for the computer it is installed on, the idea of it all is to
>>> track the urls that the users visit. Authentication is necessary so that
>>> one user's log isn't mixed with another's. And just so you know, this
>>> isn't spyware.
>>
>> Not much difference to a proxy on a router. Just use the user-PID
>> instead of source client IP in your firewall rules around port 80.
>>
>> For example the squid user ID is allowed port 80 access but all others
>> are not. WPAD is used to point at 127.0.0.1 as the proxy IP.
>>
>> And yes WPAD and the *nix global http_proxy environment variable are the
>> only ways to get authentication in a proxy without configuring it
>> directly into the browser.
>>
>> Amos
>
> Ok, I like this because it makes sense, I am pretty sure I can figure
> out how to set up iptables to only allow squid, how should I set up WPAD
> on my setup, and why 127.0.0.1?

127.0.0.1 (or ::1 in IPv6) are completely internal to the box so are not
speed limited by things like external MTU size, TCP queues or external
firewall rules. They also protect Squid a lot more against remote access.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
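
The setup discussed in this thread, sketched as an added example that is not part of the original messages: a script that prints iptables rules letting only Squid's user reach port 80, plus a PAC file body pointing browsers at 127.0.0.1. The user name `squid`, port 3128, the use of iptables' `owner` match with `--uid-owner`, and the function names are assumptions, not details given by the posters.

```shell
#!/bin/sh
# Added example: generate firewall rules and a PAC file for a same-host Squid.
# Assumptions (not from the thread): Squid runs as user "squid", listens on
# 127.0.0.1:3128, and the iptables "owner" match module is available.
SQUID_USER="${SQUID_USER:-squid}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print the iptables commands; review them, then pipe to "sh" as root.
# Order matters: the ACCEPT for Squid's UID must come before the REJECT.
gen_rules() {
    user="$1"
    cat <<EOF
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
EOF
}

# Print the PAC (wpad.dat) body that sends browsers to the local Squid.
gen_pac() {
    port="$1"
    cat <<EOF
function FindProxyForURL(url, host) {
    // Local destinations go direct; everything else goes via the proxy.
    if (isPlainHostName(host) || host == "127.0.0.1" || host == "localhost")
        return "DIRECT";
    return "PROXY 127.0.0.1:$port";
}
EOF
}

# Sanity check: the first port-80 rule must be the owner-matched ACCEPT,
# otherwise Squid itself would be cut off. Returns 0 when the order is right.
rules_ordered() {
    first=$(gen_rules "$1" | grep -- '--dport 80' | head -n 1)
    case "$first" in
        *"--uid-owner $1 -j ACCEPT") return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: "script rules" or "script pac".
case "${1:-}" in
    rules) rules_ordered "$SQUID_USER" && gen_rules "$SQUID_USER" ;;
    pac)   gen_pac "$SQUID_PORT" ;;
esac
```

These rules cover only port 80, as in the thread; traffic on other ports is left untouched, so browsers that ignore the PAC file are blocked on port 80 but not elsewhere.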