I'm using Fedora 10 as a proxy server using squid, but I recently noticed that some users use the IPS's Dns to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid or perhaps I can solve the problem whit IPTables.
View 6 RepliesI don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
Example I have 3 user list and 3 file with block site names
acl group1 src 192.168.0.2 192.168.0.3 192.168.0.4/24
acl group2 src 192.168.0.5 192.168.0.6 192.168.0.7/24
acl group3 src 192.168.0.8 192.168.0.9 192.168.0.10/24
[Code]...
I've moved your post here to its own thread. Please don't resurrect dead threads. --win32sux
what is the acl type is used to bypass a website where to implement the rule?
View 3 Replies View RelatedI've attached my squid.conf, I'm creating a proxy server along with a content filter for work using dansguardian and squid, recently my boss asked me to allow a few ips to bypass squid without being authenticated now i thought this config might do it but it seems to be reluctant to let this computer through without being authenticated
View 3 Replies View RelatedI am using squid 2.6 (as a proxy server) in my cent os 5 box.The clients computers are factehing the web pages successfully. The firewall (IPTABLES) are already disabled.The problem is we have an internal web based application by which the users add the data in it. when the user type the ip address in the browser i.e http://10.1.7.21:81/mis squid shows Code:ERRORThe requested URL could not be retrievedWhile trying to retrieve the URL: http://10.1.7.21:81/mis/The following error was encountered:Access Denied.Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.Your cache administrator is root.We have another proxy server MS ISA 2006 and by changing proxy from Linux squid to MS ISA we can access the page.
View 14 Replies View RelatedI have Squid and Dans set up on a passthrough box with 2 nics, port 80 requestsEverything is working great. I need to know if there is a way to set up Dansguardian so that a user can enter a password on a blocked page to access it.
View 3 Replies View Relatedinstalled dansguardian and now working fine.I got a small problem. People bypassing proxy settings in firefox, means they go to settings and changes proxy settings to no proxy.. how to prevent this? How can I force people to use proxy to connect Internet? I done some googling but, unable to find a solution.
View 3 Replies View RelatedMy squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI love My linux OS, and I carry It with me all the time in USB. I used to be able to boot from USB in the University computers, but not any more. Now it required Admin password in order to boot from CD or USB. I tried The VMWare, but I didn't like it. Is there any way I can get around it.
View 1 Replies View RelatedMy company web access is behind proxy(http://abc.proxy). Network admin can get to check who is top10 user and web they access. I owned a centos server. I have a thought that create an encrypted tunnel within proxy so the admin cant detect my http address. This is how it going to works
client with OpenVPN -> OpenVPN server(centos with company proxy)-> proxy -> internet
My connectivity in my client are using OpenVPN server as bridge. Hence, no record for client is recorded in my Network admin monitoring list. OpenVPN server's activity can be traced by network monitoring tools, just assume that our ultimate goal is to hide client activity.
When there is an exploit in the kernal, can the iptables firewall get bypass? If yes,how do you know? Otherwise how can you find out.
View 9 Replies View RelatedWe are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies View RelatedI have Redhat enterprise linux 4 and it is used for squid. This machine is behind the Cisco PIX Firewall and it is handled by our network administrator. few days ago, my boss ordered me to allow Mail (Yahoo, Hotmail, G-Mail) only to some users and block every things for them. Here also, some other users (not above) have allowed downloading, movies etc and some users have not. I did it in squid as follow for users who required mail access only:-
[Code]....
I have squid server running FC7. i have created a ncsa authentication for windows user to use internet through squid proxy.
My problem is that the each created user should be able to change their password.
- Is there a way, using NCSA authentication, to allow users to change their passwords?
- Is there a way to use windows AD password for squid authentication. if so how?
I am not sure whether it's possible or not. We running squid proxy server for our office. We restrict users using ACL to access the internet. There is some who do the followings:
1. Create a own proxy in there box who has the internet access.
2. Other users use those box as proxy and access to the internet.
i have squid 2.6 server running on rhel5. by default teamviewer access is deny. i want to allow access of teamviewer but not getting.
View 4 Replies View RelatedI am using squid + dansguardian for web and content filtering. And it is working fine. I am forcing users to use proxy through browser configuration. Now I am planning to add another layer to controlling access using ncsa_auth program. I know it is not the most secured but I am fine with it. Plain passwords are fine with me.
I will be giving users some default passwords but I want some program for allowing users to change the passwords for the respective users if they want. Is there any perl script or something web based for the purpose that anyone is using or know of?
My Squid is working. But I do not know how to unblock a proxy for two users on my network. My configuration
Code:
acl work src 192.168.16.0/24
acl sites dstdomain "/etc/squid/sites.acl"
acl files urlpath_regex "/etc/squid/files.acl"
acl boss src 192.168.16.12
[Code]....
How to enable blocked sites and files for boss and it_user?
just now i have installed squid, it works fine with authentication . I created this authentication in a simple text file by using htpasswd . my question is that is there any web based simple page to change passwords of squid users, because each and every time i cant give direct access to server for my squid users .
View 1 Replies View RelatedTo avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies View RelatedI have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight reign on nfs exports.Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.
We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.
I have running on RHL enterprise 4. I want to configure squid users to authenticate against windows 2003 active directory. How do I go about from scratch
View 1 Replies View RelatedWe use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and workstation communicates is SSL and encrypted ?
View 2 Replies View RelatedThis question is regarding squid based security. We would like to enforce browser security onto our users and would like to know if anyone has performed this. Our goal is to check a users browser version/plugin level before allowing them to access the internet in our organization. If their browser does not meet a standard compliance level such as patches or if they are using i.e. 5.0 we would redirect them to a page telling them that they need to update their browser before access will be permitted. Has anyone performed any types of checks like these?
View 4 Replies View RelatedI have squid proxy authenticating Internet users with LDAP. It's working well. But I have problem when I authenticate to squid proxy to login to Yahoo Messenger. Each time, I login to YM application, the squid proxy popups many authentication windows. These confuse users when they you YM. I checked in squid access log and see that: when users use YM application, the application requests the following links:
[code]...
With each link, squid requires one authentication window. Do you have any ways to squid require only one authentication window when users use YM?
Lately i just installed Ubuntu 10.10 and get my Squid installed.It work much superior than Polipo for cache but i do not understand why i got Apache installed after i installed Squid.Is there any co-relation between Apache and Squid?Does it gonna make me run my own web server?
View 4 Replies View Relatedhow to disable the gmail chat? My means to say that when we login to gmail , after that the chat will open, I want to disable that chat. am using Redhat 9 and squid stable 2.5 version. I have tried the things mentioned below, but chat is still working.
[Code]...
We are running squid as a proxy server having almost 170 users.The clients are using windows and after observing more than once there are some users that are sniffing on the network using maybe some sort of sniffing tool. Now can any body recommend some anti sniffing tool that can help us in detecting that culprit. Any software linux or windows based will I have tried wireshark if someone recommends that then please give some detailed tutorial on wireshark.
View 8 Replies View RelatedI am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??
View 2 Replies View Related