+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
*nix Thread, Squid help needed in Technical; Hello all I hope you all had a good Christmas and New year. Well back to work and I am ...
  1. #1
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22

    Squid help needed

    Hello all I hope you all had a good Christmas and New year.

    Well back to work and I am faced with a problem. I have just setup a squid proxy server and everything is working really well in the sense of reporting stats on internet usage and I have got youtube for education working. The problem is when I try to access the LEA's staff proxy http://login.staffproxy I can't resolve the login page. Normally the browsers proxy would be the LEA but now I am using the internal proxy I have set the LEA's proxy as the parent proxy but that doesn't seem to work.

    Anyone have an idea what I need to do?

  2. #2

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    login.staffproxy is not a correct internet host/domain

    how is the IP of this normaly resolved?

    Rob

  3. #3

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    Thinking on it...

    Your old Proxy would have known about staffproxy

    so you need to tell your proxy where to pull the domain staffproxy from..

    it's sort of "reverse proxy" ,

    Tips for setting up Squid in Reverse Proxy (Web Accelerator ‘accel’) mode—Balint’s Blog

    May help

    When your client asks your proxy for login.staffproxy, it matches that and sends the request to the parent proxy.

    Rob

  4. #4
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    Thanks I will give that a try

  5. #5
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    Maybe I am being stupid but I can't see anything that enables what I am trying to do

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    What is the purpose of the 'LEA staff proxy' and why do you want to access it via your internal squid proxy?

  7. #7

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    It's a couple of years since I did any squid RevP.

    it will be something allong the lines of

    #setup the parent proxy
    cache_peer LEAPROXYIP parent 8080 0 no-query originserver no-digest name=PROXYATTHELEA

    # create an acl for the site
    acl STAFFPROXY dstdomain LOGIN.STAFFPROXY

    # allow the site to use the peer
    cache_peer_access LEAPROXY allow STAFFPROXY
    cache_peer_access LEAPROXY deny all


    There may be another way to do it.

    Rob

  8. #8
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    Quote Originally Posted by Geoff View Post
    What is the purpose of the 'LEA staff proxy' and why do you want to access it via your internal squid proxy?
    Geoff the LEA proxy handles the schools web filtering, and for teachers to get unfiltered access they need to log on to the LEA's proxy. I am putting in a proxy on site so I can track user website access. At present we have had no way of tracking users on the internet. The fact is I got asked by SLT for some information and was unable to supply it hence the onsite proxy.

    twin-turbo thanks for that funnily I had just read something about cache_peer soI will give your method a go in the morning. Thanks very much.

  9. #9

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    You can't chain proxy authentication like that. If you used the staff proxy as an upstream it would end up authenticating your proxy with whatever staff member happened to login first. Then all subsequent accesses via you proxy will be handled as if that staff member was accessing the websites. I imagine this isn't what you want to happen.
    Last edited by Geoff; 3rd January 2013 at 05:48 PM.

  10. #10
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    no you are right Geoff it must be unique for each user.

  11. #11

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Your teachers will have to bypass your internal proxy then.

  12. #12
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    So you don't think there is a way of achieving it then?

  13. #13
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    685
    Thank Post
    4
    Thanked 150 Times in 139 Posts
    Rep Power
    54
    The login.staffproxy is only available on the SWGfL if you are pointing to the specific proxy server and not the general one for your school, otherwise the kids could gain access.
    Depending how you defined your upstream proxy in Squid will depend if it will work (such as maybe needing 2 local, 1 for students, 1 for staff)

    I think what I had to do was make sure the cache_peer line contained the login=PASS as below
    cache_peer proxyname.swgfl.org.uk parent 8080 0 proxy-only no-digest login=PASS

  14. #14
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    Quote Originally Posted by Boredguy View Post
    The login.staffproxy is only available on the SWGfL if you are pointing to the specific proxy server and not the general one for your school, otherwise the kids could gain access.
    Depending how you defined your upstream proxy in Squid will depend if it will work (such as maybe needing 2 local, 1 for students, 1 for staff)

    I think what I had to do was make sure the cache_peer line contained the login=PASS as below
    cache_peer proxyname.swgfl.org.uk parent 8080 0 proxy-only no-digest login=PASS
    I have got a proxy server for each for that reason, so you have it working thats great to hear I will give that a go in the morning.

  15. #15
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    704
    Thank Post
    42
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    I am still having problems getting this to work and I have just found this info, does this mean I have to have the swgfl usernames in the proxy settngs


    use 'login=PASS' if users must authenticate against
    the upstream proxy or in the case of a reverse
    configuration, the origin web server. This will pass
    the users credentials as they are to the pee
    Note: To combine this with local authentication the Basic
    authentication scheme must be used, and both servers must
    share the same user database as HTTP only allows for
    a single login (one for proxy, one for origin server
    Also be warned this will expose your users proxy
    password to the peer. USE WITH CAUTION



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 6
    Last Post: 15th June 2007, 01:30 PM
  2. Exchange Help Needed
    By timbo343 in forum Windows
    Replies: 6
    Last Post: 4th February 2007, 07:22 PM
  3. Help! Need a BIOS re-flashed
    By ajbritton in forum Hardware
    Replies: 2
    Last Post: 28th December 2006, 01:16 PM
  4. Help needed to reconfig my DC's
    By tosca925 in forum Windows
    Replies: 16
    Last Post: 20th November 2006, 11:45 PM
  5. Help needed creating a DMZ
    By pooley in forum Wireless Networks
    Replies: 12
    Last Post: 11th January 2006, 11:42 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •