*nix Thread, Squid help needed in Technical; Hello all I hope you all had a good Christmas and New year.
Well back to work and I am ...
3rd January 2013, 11:53 AM #1
Squid help needed
Hello all I hope you all had a good Christmas and New year.
Well back to work and I am faced with a problem. I have just setup a squid proxy server and everything is working really well in the sense of reporting stats on internet usage and I have got youtube for education working. The problem is when I try to access the LEA's staff proxy http://login.staffproxy I can't resolve the login page. Normally the browsers proxy would be the LEA but now I am using the internal proxy I have set the LEA's proxy as the parent proxy but that doesn't seem to work.
Anyone have an idea what I need to do?
3rd January 2013, 12:32 PM #2
login.staffproxy is not a correct internet host/domain
how is the IP of this normaly resolved?
3rd January 2013, 12:38 PM #3
Thinking on it...
Your old Proxy would have known about staffproxy
so you need to tell your proxy where to pull the domain staffproxy from..
it's sort of "reverse proxy" ,
Tips for setting up Squid in Reverse Proxy (Web Accelerator ‘accel’) mode—Balint’s Blog
When your client asks your proxy for login.staffproxy, it matches that and sends the request to the parent proxy.
3rd January 2013, 12:39 PM #4
Thanks I will give that a try
3rd January 2013, 03:44 PM #5
Maybe I am being stupid but I can't see anything that enables what I am trying to do
3rd January 2013, 04:08 PM #6
What is the purpose of the 'LEA staff proxy' and why do you want to access it via your internal squid proxy?
3rd January 2013, 04:47 PM #7
It's a couple of years since I did any squid RevP.
it will be something allong the lines of
#setup the parent proxy
cache_peer LEAPROXYIP parent 8080 0 no-query originserver no-digest name=PROXYATTHELEA
# create an acl for the site
acl STAFFPROXY dstdomain LOGIN.STAFFPROXY
# allow the site to use the peer
cache_peer_access LEAPROXY allow STAFFPROXY
cache_peer_access LEAPROXY deny all
There may be another way to do it.
3rd January 2013, 05:09 PM #8
Geoff the LEA proxy handles the schools web filtering, and for teachers to get unfiltered access they need to log on to the LEA's proxy. I am putting in a proxy on site so I can track user website access. At present we have had no way of tracking users on the internet. The fact is I got asked by SLT for some information and was unable to supply it hence the onsite proxy.
Originally Posted by Geoff
twin-turbo thanks for that funnily I had just read something about cache_peer soI will give your method a go in the morning. Thanks very much.
3rd January 2013, 05:40 PM #9
You can't chain proxy authentication like that. If you used the staff proxy as an upstream it would end up authenticating your proxy with whatever staff member happened to login first. Then all subsequent accesses via you proxy will be handled as if that staff member was accessing the websites. I imagine this isn't what you want to happen.
Last edited by Geoff; 3rd January 2013 at 05:48 PM.
3rd January 2013, 05:44 PM #10
no you are right Geoff it must be unique for each user.
3rd January 2013, 05:53 PM #11
Your teachers will have to bypass your internal proxy then.
3rd January 2013, 06:04 PM #12
So you don't think there is a way of achieving it then?
3rd January 2013, 09:17 PM #13
The login.staffproxy is only available on the SWGfL if you are pointing to the specific proxy server and not the general one for your school, otherwise the kids could gain access.
Depending how you defined your upstream proxy in Squid will depend if it will work (such as maybe needing 2 local, 1 for students, 1 for staff)
I think what I had to do was make sure the cache_peer line contained the login=PASS as below
cache_peer proxyname.swgfl.org.uk parent 8080 0 proxy-only no-digest login=PASS
3rd January 2013, 10:08 PM #14
I have got a proxy server for each for that reason, so you have it working thats great to hear I will give that a go in the morning.
Originally Posted by Boredguy
7th January 2013, 11:23 AM #15
I am still having problems getting this to work and I have just found this info, does this mean I have to have the swgfl usernames in the proxy settngs
use 'login=PASS' if users must authenticate against the upstream proxy or in the case of a reverse
configuration, the origin web server. This will pass
the users credentials as they are to the pee
Note: To combine this with local authentication the Basic
authentication scheme must be used, and both servers must
share the same user database as HTTP only allows for
a single login (one for proxy, one for origin server
Also be warned this will expose your users proxy
password to the peer. USE WITH CAUTION
By jason_in98 in forum Hardware
Last Post: 15th June 2007, 01:30 PM
By timbo343 in forum Windows
Last Post: 4th February 2007, 07:22 PM
By ajbritton in forum Hardware
Last Post: 28th December 2006, 01:16 PM
By tosca925 in forum Windows
Last Post: 20th November 2006, 11:45 PM
By pooley in forum Wireless Networks
Last Post: 11th January 2006, 11:42 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)