Security :: End User Validation Using Squid
May 24, 2009
This question is regarding squid based security. We would like to enforce browser security onto our users and would like to know if anyone has performed this. Our goal is to check a users browser version/plugin level before allowing them to access the internet in our organization. If their browser does not meet a standard compliance level such as patches or if they are using i.e. 5.0 we would redirect them to a page telling them that they need to update their browser before access will be permitted. Has anyone performed any types of checks like these?
View 4 Replies
ADVERTISEMENT
May 7, 2010
I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??
View 2 Replies
View Related
Sep 29, 2010
Im using squid proxy server..i want to limit bandwidth for single user using squid proxy.
View 6 Replies
View Related
Jan 5, 2011
Suppose when I install squid proxy server Can I view the web pages visited by a particular user/machine in a particular session? I think we can analise the information by the log files of squid. But can I view the page(static)?
View 6 Replies
View Related
Jun 24, 2010
We use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and workstation communicates is SSL and encrypted ?
View 2 Replies
View Related
Oct 25, 2010
I have squid proxy authenticating Internet users with LDAP. It's working well. But I have problem when I authenticate to squid proxy to login to Yahoo Messenger. Each time, I login to YM application, the squid proxy popups many authentication windows. These confuse users when they you YM. I checked in squid access log and see that: when users use YM application, the application requests the following links:
[code]...
With each link, squid requires one authentication window. Do you have any ways to squid require only one authentication window when users use YM?
View 2 Replies
View Related
Jul 22, 2010
I'm using Fedora 10 as a proxy server using squid, but I recently noticed that some users use the IPS's Dns to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid or perhaps I can solve the problem whit IPTables.
View 6 Replies
View Related
Apr 11, 2010
I installed webmin on Debian apt-get install webmin. After installation following message came.
Code:
Setting up webmin (1.510-2) ...
Webmin install complete. You can now login to https://IP:10000/
as root with your root password, or as any user who can use sudo to run commands as root. So I infer that the installation was successful.
But when I do
Code:
http://IP:10000
I get following error
Code:
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
View 1 Replies
View Related
Aug 20, 2010
I have configured squid proxy on centos 5.5 and some of my squid.conf file has following lines
Code:
http_access allow ncsa_users office
There are 3 users called "user034, user035 and user050" in the /etc/squid/squid_passwd file need to restricted access to internet except sites www.abc.com form anywhere in the lan. Once they logged in any ip, rule should apply.(that means no ip related acl, only user name related) How can I configure this in squid.
View 3 Replies
View Related
Mar 9, 2010
I running Squid 2.7. I using NCSA veryfication so only registered users may use proxy server. I want to allow only 1 connection to proxy for 1 user. Why not per ip ? Alot of users have dynamic IP's and i want to avoid password sharing beetween users. Any idea how to do it in squid ? Mb other autentyfication system connected to squid granting access to proxy server ?
View 3 Replies
View Related
Apr 14, 2010
I have Squid and Dans set up on a passthrough box with 2 nics, port 80 requestsEverything is working great. I need to know if there is a way to set up Dansguardian so that a user can enter a password on a blocked page to access it.
View 3 Replies
View Related
Oct 3, 2010
Lately i just installed Ubuntu 10.10 and get my Squid installed.It work much superior than Polipo for cache but i do not understand why i got Apache installed after i installed Squid.Is there any co-relation between Apache and Squid?Does it gonna make me run my own web server?
View 4 Replies
View Related
Jan 17, 2010
how to disable the gmail chat? My means to say that when we login to gmail , after that the chat will open, I want to disable that chat. am using Redhat 9 and squid stable 2.5 version. I have tried the things mentioned below, but chat is still working.
[Code]...
View 1 Replies
View Related
Apr 26, 2011
We are running squid as a proxy server having almost 170 users.The clients are using windows and after observing more than once there are some users that are sniffing on the network using maybe some sort of sniffing tool. Now can any body recommend some anti sniffing tool that can help us in detecting that culprit. Any software linux or windows based will I have tried wireshark if someone recommends that then please give some detailed tutorial on wireshark.
View 8 Replies
View Related
Feb 6, 2010
Example I have 3 user list and 3 file with block site names
acl group1 src 192.168.0.2 192.168.0.3 192.168.0.4/24
acl group2 src 192.168.0.5 192.168.0.6 192.168.0.7/24
acl group3 src 192.168.0.8 192.168.0.9 192.168.0.10/24
[Code]...
I've moved your post here to its own thread. Please don't resurrect dead threads. --win32sux
View 1 Replies
View Related
Feb 23, 2010
I am looking to redesign my network which I'll get into bellow but basically i am looking to setup an transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access internet. You'll understand why from diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? Example would be to have the proxy authenticate to LDAP system to check for valid user and valid net permissions, server has to somehow send a reply back, so without an IP, this can't happen right.
Below are two designs I am looking into implementing. Everything Internally will be Authenticated against LDAP with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP would should be behind the router on private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
View 4 Replies
View Related
Feb 2, 2011
created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
View 4 Replies
View Related
Jun 21, 2011
how to configure redhat squid in graphical user interface and uses of squid
View 2 Replies
View Related
Mar 4, 2011
I am using squid on my fedora box as a proxy server.By default the iptables (Firewall) service is on.To allow web pages to my client machines i stop the iptable service.
#service iptables stop
By doing it client computers start browsing.kindly how can I add a rule so that without stoping firewall client compter work fine.my perver IP address is 10.1.80.10
View 3 Replies
View Related
Aug 10, 2010
Squid acl rules can be configured to allow specific ip's to get full access, or rather skips the blocked site list.
acl <tag> src x.x.x.x
http_access allow <tag>
http_access deny blocksites
From all the ways i tried, squid does not log these urls. Is there a way to have squid log the urls requested from allowed ip's?
Specs:
squid ver : (squid/2.6.STABLE21)
OS : CentOS 5.5
View 1 Replies
View Related
Nov 15, 2010
How to deny download some file types on squid ?
I tried below in my squid.conf
acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles
and in my /etc/squid/src/blockfiles
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$
I still able to download
View 2 Replies
View Related
Jul 19, 2009
I have configured squid with AD. It is working fine. Now I want to use dansguardian with squid for web filtering on group bases, what should I do. What configuration i have to do in squid for dansguardian and all my users in AD also authenticate with dansguardian and also how I use dansguardian.
View 1 Replies
View Related
Feb 9, 2010
is someone can guide the best open source tools to monitor as webbase,gui,shell prompt
View 1 Replies
View Related
Apr 5, 2010
I have a problem with sites or domain blocking by squid proxy server in rehl 5. I have trying lots of time but i'm not succed.pls help me how to block sites or domain in rhel 5.
View 3 Replies
View Related
Jan 21, 2011
I have been trying to get Squid to work so that I can restrict access to a particular web site during certain hours every night. I can't seem to get it working, however. I am still able to access the site. The following are the relevant lines from my squid.conf file:
acl restricted-domain dstdomain "/etc/squid/denied_domains.acl"
acl test time 19:00-20:00
acl bedtime time 22:00-23:59
[code]...
View 2 Replies
View Related
Apr 15, 2009
I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
View 6 Replies
View Related
Jan 29, 2010
Is there anyway to monitor the current bandwidth in use by a user (NCSA auth) on squid? Occasionally we get a user downloading too many videos at once, which blocks bandwidth to other users on the network. As I have no idea which user it is until the end of the day (SARG reports), we just restart the squid server to disconnect their downloads.
View 6 Replies
View Related
Apr 22, 2010
I've just finished my 100% total move from Windows after 2 years of developing on two different systems, one Slackware and one XP. I have come away from Slack because it was just taking too long to maintain the rapid advances in development tools and have now moved onto Ubuntu full time.
The last tool I was using on Windows was Dreamweaver, and not for editing (I had Bluefish for that) but for the HTML validation that worked offline. Thing is, I now can't find anything similar on Ubuntu. I've no idea how to get the W3C Validators working offline and the last two add-ons I tried with Firefox didn't work. Anybody know of any packages with reliable HTML and CSS validation that works offline? An offline link checker would also be useful.
View 1 Replies
View Related
Jun 11, 2009
After many modifications, I managed to install ns2.28 , but some validation tests failed. I got the following message at the end of validation test:
validate overall report: some tests failed:
./test-all-simple ./test-all-tcp ./test-all-testReno ./test-all-newreno ./test-all-sack ./test-all-tcpOptions ./test-all-sack-full ./test-all-tcpVariants ./test-all-LimTransmit ./test-all-aimd ./test-all-greis ./test-all-rfc2581 ./test-all-sctp ./test-all-tcpHighspeed ./test-all-frto ./test-all-friendly ./test-all-srm ./test-all-realaudio ./test-all-ecn ./test-all-ecn-full ./test-all-quickstart ./test-all-hier-routing ./test-all-lan ./test-all-mcast ./test-all-vc ./test-all-mixmode ./test-all-red ./test-all-adaptive-red ./test-all-red-pd ./test-all-rio ./test-all-vq ./test-all-rem ./test-all-gk ./test-all-pi ./test-all-cbq ./test-all-schedule ./test-all-jobs ./test-all-intserv
to re-run a specific test, cd tcl/test; ./test-all-TEST-NAME
Notice that some tests in webcache will fail on freebsd when -O is turned on. This is due to some event reordering, which will disappear when -g is turned on. I tried to run the test individually one after another, but that is too time consuming, it prompts for permission after every test and thus runs many test & opens a lot of xgraph window. The tests I run so far individually, agreed with the reference output. Now I am wondering, should I report a bug about it, or should I hire a kid to run those failed 40 tests( which require hitting the ENTER key 1200 times,maybe ), or what else should I do.
View 14 Replies
View Related
Sep 10, 2009
I want to validate a web form using PHP. I spent ages confusing myself with client side scripting and realised until I worked out it is not what I want. My problem is that now I am looking at PHP and everything is mixed up in my brain. I need to point out that PHP is very new to me! This is what I already have:
1 An html page with my form on it.
2 PHP page which emails the contents of the form to me.
The above works well. For the sake of clarity, here are my pages (cut down to the essentials where appropriate): My html form:
first name surname
Email
Home phone
Mobile
Work phone
I have read and understood your terms and conditions. My php script (regform.php)
$receiver = 'me@email'; $subject = 'New registration'; #$message = 'This is a new registration.'; $surname = $_POST['surname']; $firstname = $_POST['firstname']; $address = $_POST['address']; $email = $_POST['email']; $homeph = $_POST['homeph']; $mobileph = $_POST['mobileph']; $workph = $_POST['workph']; $time = $_POST['time']; #from here $oldaddress = $_POST['oldaddress']; $DOB = $_POST['DOB']; $elect = $_POST['elect']; $job = $_POST['job']; $salary = $_POST['salary']; $employer = $_POST['employer']; $benefit = $_POST['benefit']; $smoke = $_POST['smoke']; $claim = $_POST['claim']; $children = $_POST['children']; $children2 = $_POST['children2']; $pets = $_POST['pets']; $pets2 = $_POST['pets2']; $require = $_POST['require']; $terms = $_POST['terms']; $rooms = $_POST['rooms']; $body = "first name:$firstname
surname:$surname
DOB:$DOB
email:$email
home phone:$homeph
mobile phone:$mobileph
work phone:$workph
address:
$address
time at this address:$time
previous address:$oldaddress
electoral register:$elect
employment:$job
employer:$employer
salary:$salary
benefit claim:$benefit
future benefit:$claim
children:$children
ages:$children2
pets:$pet
pet type:$pets2
other requirements:$require
terms:$terms"; $headers = 'From: email' . "
" . 'Reply-To: email "
" . 'X-Mailer: PHP/' . phpversion(); mail($receiver, $subject, $body, $headers, "From: $firstname $surname
" . "Reply-To: $firstname $surname class="inlineimg" />;
You can see there are many more form fields than I have shown in my example html form above. What I want is that the following fields have to be filled:
1 mobileph
2 email
3 terms (checkbox)
I would like the user to be asked to fill the form in properly if any/all of the 3 fields have not been filled in. I imagine I need some php in the html page and some more in the php page. I am certainly not asking any one to do this for me but I am really confused. I have googled and copied and pasted and edited for 6 hours and I am lost. What I want is a very simple and clear example of the code needed. Sorry if I sound as if I can't search properly on Google: in this case I clearly can't!
View 2 Replies
View Related
