[Gllug] Proxy Server

Ian Baillie ian.baillie at westminster.org.uk
Tue Nov 12 13:28:12 UTC 2002 

Thanks for that, I'll pop to WH Smiths at lunchtime. 
Authenticationwise, does anyone know if it is possible to get the user
information without having the user logon with the browser (for the Mac
Clients), as they have to logon once (using MacAdmin) to use the system?

(Maybe I should just ask Santa on my wish list ;)


Ian


On Tue, 2002-11-12 at 12:13, Xander D Harkness wrote:
> 
> 
> Ian Baillie wrote:
> 
> >Hi All,
> >
> >I posted a similar email, a while back (probably at the beginning of the
> >year), but the time has come to implement a solution.
> >
> >What I want:
> >A proxy server, with web caching capabilities, firewall and filtering.
> >Ideally, the filtering will look up entries in a database, so it can be
> >dynamically updated, as and when unsuitable sites are found and added.
> >Later on, I may want to add EMail services, Anti-Virus and Intranet server.
> >
> >My Understanding:
> >>From previous emails, I seem to recall that I should use Squid for the
> >proxy/caching server, with squid-guard to perform the filtering and
> >iptables for firewalling.
> >
> >Questions:
> >Can this setup be used in conjunction with a database e.g. mySQL to lookup
> >unsuitable sites, and redirect to a admin page stating the site is barred?
> >Does anyone know of a suitable ban list?
> >Is it okay to have the proxy/caching/firewall/database/filtering all on the
> >same machine?
> >
> You can block all sites using a wildcard such as *.bl.harkness.co.uk 
> within squidguard
> 
> In addition I use a dns database for exim (the same as the RBL but self 
> maintained) at bl.harkness.co.uk.  Exim allows this to contain email 
> addresses, domains or IPs and will look up a host 
> nasty at person.com.bl.harkness.co.uk.
> 
> If you were looking to block a site such as msn then 
> msn.bl.harkness.co.uk would not be a million miles away from what you 
> may need.
> 
> If you want to take this further in Linux Journal this month there was a 
> name server that runs from a MySQL database with a PHP front end to 
> configure it.  I believe it was hosted on sourceforge.
> 
> You could start with bind to see how it operates and grow it from there.
> 
> squidguard provides an updated list of block sites (weekly list with 
> diffs)  I think the porn list had about 30,000 sites before updates 
> (Yes, that kept me busy browsing for a while - Not ;-)  It is astounding 
> looking through the list at the sheer creativity!
> 
> If you list sites by domain in the iptables I am sure you could also tie 
> that into dns too.
> 
> Depending upon your requirements you might also like to have a look at 
> the squid authentication too.  The modules provided include smb_auth and 
> pam_auth so it is really quite flexible and allows you to monitor who 
> goes where, how much bandwidth each person uses and which computers the 
> users are logging into.
> 
> KInd regards
> Xander
> 
> >
> >Other info:
> >The clients are a mixture of Mac OS 9, Mac OS X, Win 98, Win 2K and Win XP.
> > Currently, there is an OS 9 server running VicomServer (proxy software)
> >with filtering using cyberNot.  This is a school enviorment, so the
> >filtering needs to be pretty good.
> >
> >Thanks in advance...
> >
> >
> >Ian
> >
> >  
> >
> 
> 
> -- 
> Gllug mailing list  -  Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list