Frank Sweetser wrote:
> It's not really for a typical proxy use. We're a university. When students
> show up, they're required to register their ether address and drop location
> before we hand then an address via DHCP. The idea was, hand them out
> a private range address, and point them at a DNS server that hands back
> all addresses as pointing at the squid transparent proxy. Squid then
> rewrites all URLs to a "You're not registered! Here's what to do..."
> page, except ones related to the actual registration page. All of this
> works beautifully, except that the registration page is on a different
> subnet, reachable only via HTTPS....
Ok. Makes some sense.
Here is what you should do:
1. In the special DNS, register the IP of the server managing the registration.
2. For all other domain names, return a dummy IP where you have a server
sending browser redirects for all request, redirecting them to the registration
server. This server can be a Squid with a redirector, or a Apache, or mostly
anything else (even a small shell script will do).
Having the proxy simply rewrite the URL's on the fly is not a good idea.
And keep in mind that it is mostly a matter of minutes before your students
discover how it works and hacks around it. I would recommend looking at other
solutions like VLAN or similar "physical" borders.
--
Henrik
Received on Tue Aug 14 2001 - 07:18:56 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:11 MST