Re: [squid-users] 2 problems with squid from Evren Yurtesen on 2002-11-17 (squid-users)

From: Evren Yurtesen <eyurtese@dont-contact.us>
Date: Mon, 18 Nov 2002 08:27:27 +0200 (WET)

On Mon, 18 Nov 2002, Matthew Kaminski wrote:
> Hey everybody, i'll make this as short as possible.
>
> Background: I run Squid 2.4 Stable6 or a RedHar 7.3 (P200 with 196 mb ram
> and 4 GB cache size) box in public college with about 2600 students. As well
> I run novell 5.1 network and i got squid to authenticate to NDS. It all
> works great except 2 moderate issues.
>
> Problem 1: Users are able to change the proxy settings of the browser, which
> is very bad, as that way they can basically bypass the proxy. I was thinking
> that I could disable assess on port 80 from all hosts on my lan, excpet
> squid machine. that will cause that the ONLY way to access the new was
> through the squid machine. Can someone comment on that ??? is that the right
> way to do it ??? I'm worried there may be some unwanted side effects... is
> that the case ???

Perhaps you should try interception proxying.
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
This way there is no setup needed in client machines does you dont have to
thell everybody to setup proxy one by one. The users usually wont notice
that they use the proxy.

> Problem 2: I currently have 2 users here, for which the authenticatio doesnt
> work. I have their username and passwords (for testing purposes). When i run
> squid_ldap_auth manually, it returns OK for both of them, yet squid fails to
> authenticate them and give them the access the the net. this is absurd and i
> need to eliminate it, otherwise i need to keep temporary web-access account
> which is unacceptable.
>
> thats all. Thanks in advance...
>
> P.S. Squid is the best... i worked with novell border manager and ms-proxy
> and several others.... I cant believe that such a good softwre as squid is
> free.
>
> Matthew Kaminski
> Network Administrator
>
> Howick College
> Sandspit Road
> PO Box 38142
> Howick
> Auckland
>
> Phone: 0-9-534 4492 x850
> Fax: 0-9-534 6574
> Cell: 021 159 6191
> Email: matthew.kaminski@howick.school.nz
>
>
>
>
Received on Thu Nov 21 2002 - 11:29:16 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:31 MST