The best method is perhaps to block direct access to port 80, requiring
the user to have their proxy settings configured..
Any attempts to directly access port 80 without using the proxy can
return a custom page telling the user that to access the Internet they
must configure their proxy settings, followed by instructions on how to
configure the browser.
Returning such custom messages is done using the same techniques as
transparent proxying, but instead of redirecting the traffic to a proxy
you redirect the traffic to a small web server giving this response on
all requests (most easily done by using a wildcard redirect on the HTTP
server, redirecting any access to this web server to a specific
instructions page on another server).
Regards
Henrik Nordström
Squid Developer & CTO
MARA Systems AB, Sweden
Gregor Ibic wrote:
>
> Is there a way to redirect users to a squid proxy and authenticate them.
> I know that transparent proxy and auth should not work, but is there a way
> to only redirect traffic to squid and request users to authenticate.
> Maybe also on some other level, like network authentication or something
> like this.
>
> BTW, I succeded to create a version to authenticate users on MS Active
> directory
> and divide users in groups, and the acl them.
>
> It needs a little more code polishing. Is anyone interested?
>
> Regards,
> Gregor
>
> Intelicom d.o.o.
> Security software company
> http://www.intelicom.si
> email: info@intelicom.si
> tel.: ++386 5 6309 158
> fax.: ++386 5 6279 355
Received on Sat Jan 05 2002 - 18:11:55 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:39 MST