Re: [squid-users] Auto Detect Proxy in Browser, visiting users.

i do believe a native squid transparent settings will do this. you can configure squid with transparency settings, configure squid with authentication (basic or LDAP) , set your Unix box (i will assume Linux) to be the default gateway, enable ip forwarding (act as a router), configure ipchains to trap http traffic and redirect it to your squid port. ----- Original Message ---- From: Chris Robertson <crobertson@gci.net> To: squid-users@squid-cache.org Sent: Wednesday, April 22, 2009 7:43:59 PM Subject: Re: [squid-users] Auto Detect Proxy in Browser, visiting users. gavguinness wrote: > Hi > > I'm new to Squid.  New in the sense that this time yesterday, I didn't know > what Squid was.  I knew what I wanted to achieve though, and I've achieved > most of this today using Squid and a few helpful online guides... > > To have users promted to authenticate when they start their browser (Check) > To log their activity in a log file (Check) > Not to have to install any software on the PC (Check) > Specifically not to use any server based DB lookup authentication (check) > > The only problem is that I want all users to go through Squid, even visiting > users.  A lot of our guys are not going to want to manually enter Proxy > settings each time they visit a site - I want it to be automatic. > > Similarly, not every user logs into our server(s), so I can't deploy a > scrips or setting to the visiting computer as they simply connect to the > WiFi, or Cabled network point. > > So basically, just connect up to the network, go on line and BAM, they have > to authenticate.  Just like in Starbucks!  (But without the coffee or wifi > charges!) > > I looked at transparent settings, but I gather this doesn't work with > Authentication, so that's a no. > > Now i'm focussing on how to get the clients to auto detect the squid box. But I can't fathom how that's going to work.  If the machines don't know > it's there, how can squid make itself known to them? > > Ideally (and bear in mind my lack of knowledge at this stage) I would like > to just have my DCHP tell the clients that the squid box is the default > gateway and solve it that way, but again, I'm learning that the proxy > doesn't work that way - it's not a router, right? > > Hope that makes sense, any help appreciated.  But in the meantime, I'll get > my head back in the manual! > > Cheers >  Look into WPAD (http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) or a captive portal like WiFiDog (http://en.wikipedia.org/wiki/WiFiDog_Captive_Portal) or the Squid session helper (check the archives). Here's the condensed version of what I have experienced with WPAD.  It all assumes that the proxy settings have not been changed from the shipping default in the browsers. Using a Windows (98/2000/XP) machine and Internet Explorer, the DHCP option 252 is honored.  DNS (wpad.domainname.com) is used in the absence of the DHCP option 252.  Firefox (2 or 3) on a Windows (98/2000/XP) machine or OS X (10.4 for sure) the DHCP option 252 is ignored, DNS is used exclusively .  Safari on Windows (98/2000/XP) or OS X ignores both DHCP and DNS and must be explicitly configured to use a statically defined PAC (http://en.wikipedia.org/wiki/Proxy_auto-config) file. My suggestion is to have a webserver assigned to http://wpad.yourdomain.tld that serves a PAC file when http://wpad.yourdomain.tld/wpad.dat OR http://wpad.yourdomain.tld/wpad.da is requested.  This will (transparently) catch the majority of web browsers.  For the rest, you should intercept outbound port 80 traffic and redirect it to a page that describes how to set their browser back to defaults (or how to set their browser to explicitly grab the PAC file). Chris
Received on Thu Apr 23 2009 - 01:40:52 MDT