I have Squid and Dans set up on a passthrough box with 2 nics, port 80 requestsEverything is working great. I need to know if there is a way to set up Dansguardian so that a user can enter a password on a blocked page to access it.
View 3 Repliesinstalled dansguardian and now working fine.I got a small problem. People bypassing proxy settings in firefox, means they go to settings and changes proxy settings to no proxy.. how to prevent this? How can I force people to use proxy to connect Internet? I done some googling but, unable to find a solution.
View 3 Replies View RelatedI have installed dansguardian and squid on my home computer and I need to configure them. the only problem I couldn't find any manual only one for opensuse 9. And even there the part after "acl CONNECT method CONNECT" doesn't make any sense to me.
View 1 Replies View RelatedI have installed squid and dansguardian on my server, I also setup my iptables to forward port 80 communication to port 3128 (squid). I also have remove the comment on /etc/dansguardian/dansguardianf1.conf (line "bannedextensionlist") hoping that my server would block download. But it isn't, it still download file no matter I add in /etc/dansguardian/lists/bannedextensionlist. Oh yeah, I also add this line to my /etc/squid/squid.conf
Code:
cache_peer 172.16.1.212 parent 8080 0 no-query default
so that squid will consider dansguardian as it's parent.
I've been pulling my hair out and can't figure out what's wrong. I have dhcp, squid, and dansguardian all running on my server, but when I point a client to it for a proxy (192.168.1.15:8080) and try to get to a website, nothing happens and the connection times out. When I don't bother with the proxy, the client has no trouble getting to the internet. I've verified I can ping the server and gateway from both machines. And the services are running, no errors noted in the logs. Do I need to do any iptables or selinux changes?
My network is very basic, several clients on the same network as the server, connected to a verizon gateway. Local addresses are 192.168.1.x. The server is 192.168.1.15, gateway is 192.168.1.1.
I'm using:
* squid-7:3.1.8-1.fc12 (x86_64)
* dansguardian-2.10.1.1-3.fc12.x86_64
* Fedora 12
My squid config file:
Quote:
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
[code]....
I am looking to redesign my network which I'll get into bellow but basically i am looking to setup an transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access internet. You'll understand why from diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? Example would be to have the proxy authenticate to LDAP system to check for valid user and valid net permissions, server has to somehow send a reply back, so without an IP, this can't happen right.
Below are two designs I am looking into implementing. Everything Internally will be Authenticated against LDAP with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP would should be behind the router on private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
I have around 9 squid proxy servers and going to deploy Dansguardian on all of them. But I feel managing individual copy/server would be an tedious job hence please let me know if any one aware of centralized management solution for Squid+Dansguardian? Or if not let me know if you are aware of any such other Open Source product.
View 1 Replies View RelatedI have squid running perfectly and I added MySQL Squid Access Report 2.1.4 and the reports works just fine. The problem its when I add a dansguardian content filter, from that moment the only IP address that appears on the report its the box itself (I have all running on the same box).
IPtables forward requests to port 8080 Dansguardian listening on port 8080 forwards to squid on port 3128 Squid on port 3128 to internet (Here I review the logs with MySar).
I know it is because the actual http request for Squid came from Dansguardian's IP address (its the job of the proxy). how to have the real IP address on the reports.
I am trying to learn DansGuardian for content filtering, but for some reasons it is NOT working for me. equest is directly getting routed to SQUID, it should come first to DansGuardian and then to SQUID.I have created the below scenario on CENTOS 5.5 boxes.
Code:
192.168.0.10box1.test.comYUM/HTTP SERVER
192.168.0.20box2.test.comYUM/HTTP CLIENT, SQUID SERVER
[code]....
what is the acl type is used to bypass a website where to implement the rule?
View 3 Replies View RelatedI have a proxy server (squid-3) that I would like to setup Dansguardian to do additional web filtering.
The system:
Ubuntu 10.10 - all updates as of today
Dansguardian - 2.10.1.1-2ubuntu0.1 (latest update)
Squid3 - latest update (not squid 2.7)
Webmin - 1.530 (all updates)
Webmin dansguardian module - 0.7.1
Ok - I have all of the above installed. When I go to the DG module page in Webmin, I get the following:
Warning - the version of DansGuardian you have is not supported by this Webmin module version
Webmin Module Version 0.7.1 supports DG version 2.10 (& 2.9)
Currently installed DG version
This obviously makes no sense, since I am running DG version 2.10.1...
PS. I have squid installed, but not configured (still tinkering) - could this be the problem? That squid needs to be running for DG to work?
I want to block yahoo mail chat in dansguardian. I had google few thing I come to know that I need to do this. Locking DNS lookups to webcs.msg.yahoo and httpcs.msg.yahoo by returning 127.0.0.1. I haven't have dns configured. So what I need to do solve this problem. I had tried by making an entry in etc hosts file. but it didn't worked.
View 3 Replies View RelatedI have configured squid with AD. It is working fine. Now I want to use dansguardian with squid for web filtering on group bases, what should I do. What configuration i have to do in squid for dansguardian and all my users in AD also authenticate with dansguardian and also how I use dansguardian.
View 1 Replies View Relatedcan anyone give me the solution how to configure dansguardian on squid transparent proxy.i m using
linux - slackware
squid - squid-2.6-stable18
dansguardian - 2.10.1.1
squid transparent proxy is working properly.
I'm using Fedora 10 as a proxy server using squid, but I recently noticed that some users use the IPS's Dns to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid or perhaps I can solve the problem whit IPTables.
View 6 Replies View RelatedI've attached my squid.conf, I'm creating a proxy server along with a content filter for work using dansguardian and squid, recently my boss asked me to allow a few ips to bypass squid without being authenticated now i thought this config might do it but it seems to be reluctant to let this computer through without being authenticated
View 3 Replies View RelatedI am using squid 2.6 (as a proxy server) in my cent os 5 box.The clients computers are factehing the web pages successfully. The firewall (IPTABLES) are already disabled.The problem is we have an internal web based application by which the users add the data in it. when the user type the ip address in the browser i.e http://10.1.7.21:81/mis squid shows Code:ERRORThe requested URL could not be retrievedWhile trying to retrieve the URL: http://10.1.7.21:81/mis/The following error was encountered:Access Denied.Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.Your cache administrator is root.We have another proxy server MS ISA 2006 and by changing proxy from Linux squid to MS ISA we can access the page.
View 14 Replies View Relatedbrand new 2 Ubantu & set up standard Ubantu compartment accessed via 1 user name only and password. 1st few times all good but now suddenly, unexpectedly password declared invalid. Had written down password so it is correct & not entry error. Not know how to reset password or bypass 'username/password log on screen' Am on an Acer 5542G with windows 7 home premium.
View 3 Replies View Relatedis this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
does this make sense? this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
I realise that passwords are a good thing but I'm getting fed up having to enter a password just to get my wireless network to work every time I switch on Ubuntu or when I log out and back in again.
Seeing as there is nobody in the house that I want to keep away from the computer, is there a way to automatically sign-in to my wireless network without having that annoying key-chain popping up every time?
I have to enter the root password every time I want to run
Code:
sudo vpnc
and I know that there is a way to avoid entering password every time but I can't remember what it is.
i have an old doc file from ms office 2003 which is password protected and i forgot what it was. is there a way i can bypass or recover that password?
View 1 Replies View RelatedI love My linux OS, and I carry It with me all the time in USB. I used to be able to boot from USB in the University computers, but not any more. Now it required Admin password in order to boot from CD or USB. I tried The VMWare, but I didn't like it. Is there any way I can get around it.
View 1 Replies View RelatedIs there a way to bypass (and/or reset)the username/password when powering up?
View 3 Replies View RelatedI'm running Ubuntu 9.10 as a web/ftp/etc server. I like to work on stuff from remote locations and have set it up to be accessed it with the external IP address by my laptop.The problem is that if I'm at a remote location and tell it to restart, when it boots up it won't log me on unless I enter the password, but I can't remote access it until I'm logged in.So, is there a command or script that I can run that will tell it to restart and bypass entering a login password?I'm only looking for something to bypass it ONCE per command/script, NOT to disable my password.
View 5 Replies View RelatedThere are some user-space based NFS clients (e.g. NFS Client library). Can I bypass file permissions by using such client? code...
Client1 uses usual NFS client (kernel-mode based) and user1@client1 can read only file1, but not file2.
As I understand, client1 sends uid in nfs request, server1 do a permissions check based on the request data. So, I suggest this is possible to have a client2:
Client2 uses user-space client, and hacker@client2 knows uids of user1 and user2; If he wants to read file1 he can send uid of user1; if he wants to read file2, he sends uid of user2.
Is the scheme possible?
I don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
i changed my password and whenever i log in i get a message that ur login keyring password and user password do not match, so how do i change my login keyring password!!
View 1 Replies View RelatedHow to recover user password and root password in fedora if u forget
View 2 Replies View Related