Re: [squid-users] transparent proxy with different user authentication

DNS: add this
proxy A x.x.x.x
wpad CNAME proxy.yourdomain.org
        TXT "\"service: wpad:!http://wpad.yourdomain.org:80/proxy.pac\""
wpad.tcp SRV 0 0 80 wpad

DHCP: add this to your global scope for all dhcp machines
option 252 WPAD "http://proxy.yourdomain.org/wpad.dat"

The web scripts can be a variety of different things. A google search of
"wpad.dat" can show some very interesting things. I kept mine simple and
works well. Desktops' browsers I have configured using the proxy script
entry, notebook users configured to Auto Detect Proxy Settings.
root of web server add these 3 files with the same content:
proxy.pac
wpad.dat
wspad.dat (for some reason Firefox uses this one)
--------------cut-------------
t1 = "PROXY proxy.yourdomain.org:8080";
local = "DIRECT";
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(url, "http:*:86/*") ||
        shExpMatch(host, "*.yourdomain.org") ||
        shExpMatch(host, "localhost") ||
        shExpMatch(host, "127.*") ||
        shExpMatch(host, "10.*") ||
        shExpMatch(host, "192.168.*") ||
        shExpMatch(host, "169.254.*") ||
        shExpMatch(host, "172.16.*"))
    return local;
    else
    return t1;
}
--------------snip------------------

The proxy server authenticates via winbind to a Win2K domain. Win2K
servers handle the DNS and DHCP and a SLES9 box handles squid and apache
(for web scripts). All browsers except for Safari seem to work well on
OSX,WIN,Linux. This should do it for you, let me know if you have any
trouble.

if anyone else has more insight, feel free :-)
Craig Herring

On Mon, 2005-11-28 at 14:25 +0100, CsY wrote:
> hello!
>
> Please send me a details :)
> i using ubuntu linux 5.10
> thanks in advance
>
> Craig Herring írta:
> > I read somewhere on the squid-cache.org site that you cannot run a
> > transparent proxy and have user authentication at the same time.
> > However, we dealt with publishing proxy settings using DNS, DHCP, and
> > auto proxy scripts. It works well. If you like I can send details...
> >
> > Craig Herring
> >
> > On Mon, 2005-11-28 at 12:04 +0100, CsY wrote:
> >
> > > Hello!
> > >
> > > Anybody can help me?
> > > I need set up a transparent proxy with user auth. and different user rights.
> > > Eg: manager access all exept porn, drug sites
> > > simple user acces news portal, sites which needed to work
> > >
> > > Anybody create same server? can help me?
> > > thanks
> > >
> > >
> >
> > _____________ NOD32 1.1306 (20051128) Információ _____________
> >
> > Az üzenetet a NOD32 antivirus system megvizsgálta.
> > http://www.nod32.hu
> >
> >
> >
> >
Received on Mon Nov 28 2005 - 07:05:44 MST