+ Post New Thread
Results 1 to 10 of 10
Coding Thread, SQUID - AUP Redirect in Coding and Web Development; Hi Guys, Wondering if anyone could lend a hand with something, as my coding foo is not strong. I'm trying ...
  1. #1
    ahuxham's Avatar
    Join Date
    Apr 2008
    Posts
    1,122
    Thank Post
    76
    Thanked 138 Times in 109 Posts
    Rep Power
    31

    SQUID - AUP Redirect

    Hi Guys,

    Wondering if anyone could lend a hand with something, as my coding foo is not strong.

    I'm trying (if possible) to implement a simple redirect for AUP within squid, so users have to accept a policy.

    A user would request for example google.com, squid would than check its redirect program and issue a 302 redirect to a locally hosted webpage containing the schools "Internet AUP" wherein they are able to accept, a cookie is set, and they than proceed to the page they requested.

    Now obviously, there are a few problems.

    1) Redirect script would need to catch the url requested from squid, and redirect at the end
    2) Redirect script would need to check if a 12hour cookie has been set thus the user has previously accepted the AUP
    3) Redirect script would need to be able to catch all URLS, er say *.*?

    Without catching the initial url, there isnt much point as the redirect page would jusst halt the process if a cookie is set.

    Does anyone think this can be done?

    I found this on squid-cache.org (PHP)

    url_rewrite_program /etc/squid/redirect.php

    PHP Code:
    <?php

    $temp 
    = array();

    while ( 
    $input fgets(STDIN) ) {
      
    // Split the output (space delimited) from squid into an array.
      
    $temp split(' '$input);

      
    // Set the URL from squid to a temporary holder.
      
    $output $temp[0] . "\n";

      
    // Check the URL and rewrite it if it matches limewire.com
      
    if ( strpos($temp[0], "limewire.com") ) {
        
    $output "302:http://www.google.com/\n";
      }
      echo 
    $output;
    }

  2. Thanks to ahuxham from:

    matt40k (30th September 2008)

  3. #2

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,522
    Thank Post
    374
    Thanked 677 Times in 551 Posts
    Rep Power
    166
    Could do a simple NTLM authenication. The have the page change the user membership. Could be nicer I think. However not sure how easy that would be not mucking around with squid anymore... or ldap for that matter.

  4. #3
    ahuxham's Avatar
    Join Date
    Apr 2008
    Posts
    1,122
    Thank Post
    76
    Thanked 138 Times in 109 Posts
    Rep Power
    31
    Quote Originally Posted by matt40k View Post
    Could do a simple NTLM authenication. The have the page change the user membership. Could be nicer I think. However not sure how easy that would be not mucking around with squid anymore... or ldap for that matter.
    We do NTLM authentication at present, however we don't implement any group/user membership actions.

    NTLM >(yes accepted)> change to general trusted> wbinfo_group.pl > allow etc?

  5. #4

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,522
    Thank Post
    374
    Thanked 677 Times in 551 Posts
    Rep Power
    166
    Yes you can do what you want to do. Exact instructions I can't help with. Unless you want to pay

    Sorry I can't help much more. If I was still working in a school I would help a lot more as I'll be doing it too

    Might be worth posting something on the Dansguardian forum. Sounds like there kind of thing

    Really good idea by the way. I've only heard of people putting AUP on login.

  6. #5
    ahuxham's Avatar
    Join Date
    Apr 2008
    Posts
    1,122
    Thank Post
    76
    Thanked 138 Times in 109 Posts
    Rep Power
    31
    So at the moment I'm scrapping together the functions or aspects of it all in block pieces. I think the cookie part is done, and the setting of the cookie.

    aup.php (squid redirect)

    PHP Code:
    <?
    // DURATION FUNCTION FOR COOKIE, 12HOURS
        $duration = time()+(60*60*12);

    // CHECK COOKIE, HAS USER PREVIOUSLY ACCEPTED AUP?
        if (!$aup_accepted)
        {
            $accepted = $_POST[accepted];        
        }
        else
        {
            $accepted = $aup_accepted;            
        } // NEED TO ADD IF ACCEPT REDIRECT, IF NOT DISPLAY AUP+FORM
        
        
    // SET COOKIE FOR AUP DETECTED, WITH DURATION OF 12HOURS.    
        if ($_POST[accepted] == "Yes")
            {
                setcookie("aup_accepted", $duration);                
            }
            
    // REDIRECT
        header("Location:]");
    ?>
    Which is that function, and the form is simply:

    Code:
    <div align="center">Do you accept this Acceptable Usage Policy?</div>
    <FORM METHOD="POST" ACTION="aup.php">
    <input type="submit" name="accepted" value="Yes">
    <input type="submit" value="No" <!-- need to add a function here to do null, or JS to close browser? -->>
    </FORM>
    I'm not that great at PHP, I do have my PHP for dummies book on my desk, I think, somehow I'll cobble it all together, contribution most welcome ;]
    Last edited by ahuxham; 1st October 2008 at 01:38 PM. Reason: 120hours instead of 12 hours =(

  7. #6

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,522
    Thank Post
    374
    Thanked 677 Times in 551 Posts
    Rep Power
    166
    It'll mean the have to except it daily

    Also Cookies would be client side so it's rather insecure.

  8. #7
    ahuxham's Avatar
    Join Date
    Apr 2008
    Posts
    1,122
    Thank Post
    76
    Thanked 138 Times in 109 Posts
    Rep Power
    31
    Quote Originally Posted by matt40k View Post
    It'll mean the have to except it daily

    Also Cookies would be client side so it's rather insecure.
    Thats the plan, every day they accept the AUP and abide by it.

    Care to explain how client side would be insecure? I don't really understand the statement (I'm not foo-literate regards php/cookies/security)

  9. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Wrong tool for the job don't you think? You should be using some captive portal software.

    Sweetspot: Layer 3 network access controller

  10. #9
    ahuxham's Avatar
    Join Date
    Apr 2008
    Posts
    1,122
    Thank Post
    76
    Thanked 138 Times in 109 Posts
    Rep Power
    31
    Quote Originally Posted by Geoff View Post
    Wrong tool for the job don't you think? You should be using some captive portal software.

    Sweetspot: Layer 3 network access controller
    Seems highly complicated, and my knowledge of packet capturing, redirection, and the likes is limited. I'd have no idea how to get it all working.

    Do requests go Squid (ntlm)> DG > Squid(cache) > Captive Portal, or does the CP come in first, last and the likes =(

  11. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    CP -> Squid(NTLM) -> DG -> Squid(cache) -> Internet.



SHARE:
+ Post New Thread

Similar Threads

  1. Redirect Google?
    By KWestos in forum How do you do....it?
    Replies: 23
    Last Post: 2nd July 2008, 11:27 AM
  2. Redirect My Pictures
    By Newton in forum Windows
    Replies: 4
    Last Post: 14th April 2008, 10:26 AM
  3. wierd redirect
    By Scotmk in forum Web Development
    Replies: 7
    Last Post: 21st November 2007, 05:39 PM
  4. Squid Webpage redirect
    By Stese in forum *nix
    Replies: 18
    Last Post: 14th June 2007, 11:57 AM
  5. Is it possible to redirect a share?
    By ChrisH in forum Windows
    Replies: 6
    Last Post: 29th March 2006, 09:16 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •