Re: [squid-users] Proxy Monitoring Question

From: Christoph Haas <email@dont-contact.us>
Date: Tue, 6 Dec 2005 15:45:19 +0100

On Tuesday 06 December 2005 15:08, Benedek Frank wrote:
> This is my first post, if I ask something outrageously stupid, please
> forgive me. I did read the FAQ, and all other things I could think of,
> and I managed to get the Proxy up and running. It works great, and
> thanks for the nice application.
>
> I am a Windows System admin, and I figured I would use Linux for the
> Proxy so that I can have a little adventure, besides all the fancy GUI
> Windows apps. I installed it on Debian, and I configured it, and it
> reads all my inquiries to the Web just fine. I have caching disabled,
> this isn't why I installed the Proxy, but rather for monitoring. This is
> where my question comes in. I initially wanted to disable access via the
> NetScreen firewall to all users on a block of IPs, where the restricted
> users would go to, so they could only browse through the proxy,
> therefore they are monitored. This is all nice, just my boss would like
> to know who tries to attempt File Sharing, etc. I said to him, that
> Squid might only be able to monitor Web, Secured Web, and FTP traffic,
> but I hope I am wrong. I am here to ask the following:
>
> Is there any way I can have Squid take over kind of like a gateway, so
> that all traffic goes through it, and passes it to the Netscreen?

It is called interception mode. See:
http://squid.visolve.com/squid/squid24s1/httpd_accelerator.htm
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html

But also read:
http://workaround.org/moin/SecureWebAccessWithSquid

To cut it short:
- you need to tell your gateway (firewall?) to forward all port 80
  requests to Squid
- you need to set Squid into interception mode

But:
- you will not be able to send anything different but port 80/HTTP
  traffic through Squid
- Squid is not a proxy for file sharing. So you won't have any success
  here.
- You should generally not allow direct accesses to the internet.
  In a moderately secure network setup you only allow accesses that come
  from proxies. So if somebody is successfully doing file sharing in your
  network you have a serious firewall misconfiguration.

> If you have any ideas of what would be the greatest monitoring app I
> could use, which would show me details by IP addresses, of what is being
> accessed, downloaded, and by whom?

Some firewalls have built-in application proxies and can log the URLs (HTTP
GET requests) which are sent through the firewall.

 Christoph

-- 
~
~
".signature" [Modified] 2 lines --100%--                2,41         All
Received on Tue Dec 06 2005 - 07:45:41 MST
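
An added example, not part of the original post or of Squid itself: a per-client summary of Squid's native-format access.log, which answers "what is being accessed, and by whom" for the traffic that does pass through the proxy. The log lines are constructed samples and the function names are hypothetical; CONNECT (HTTPS) entries only ever show host:port, never the URL.

```python
"""Per-client summary of a Squid access.log in the native log format."""
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (not from a real proxy). Native format fields:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1133880319.101    245 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1133880320.512   1310 192.168.1.10 TCP_MISS/200 734003 GET http://files.example.net/setup.exe - DIRECT/192.0.2.20 application/octet-stream
1133880321.007   9050 192.168.1.11 TCP_MISS/200 18231 CONNECT secure.example.org:443 - DIRECT/192.0.2.30 -
1133880322.440      3 192.168.1.11 TCP_DENIED/403 1450 GET http://blocked.example.com/ - NONE/- text/html
this line is truncated
"""

def host_of(method, url):
    """CONNECT lines carry only host:port; other methods carry a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url

def summarize(lines):
    """Return {client_ip: {"requests", "bytes", "denied", "hosts"}}."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0,
                                 "hosts": Counter()})
    for line in lines:
        fields = line.split()
        if len(fields) < 10 or not fields[4].isdigit():
            continue  # skip truncated or malformed lines
        client, action, size, method, url = fields[2:7]
        entry = stats[client]
        entry["requests"] += 1
        entry["bytes"] += int(size)
        # Requests refused by the proxy's ACLs are logged as TCP_DENIED
        entry["denied"] += action.startswith("TCP_DENIED")
        entry["hosts"][host_of(method, url)] += 1
    return dict(stats)

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        top = ", ".join(h for h, _ in s["hosts"].most_common(3))
        print(f"{ip}: {s['requests']} requests, {s['bytes']} bytes, "
              f"{s['denied']} denied, hosts: {top}")
```

To run it against a real log, pass the open file object to summarize() in place of the sample lines.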
