Squid Webpage redirect

[Stese]

Hi...

I'm sure this has been asked before, but i've searched for it here, and on google...

I'm trying to get my squid proxy to redirect a webdomain (rmays.hants.sch.uk) to a local IP address.

I'm fairly sure its possible, but i'm not sure on the exact keywords to use in squid.conf

(I did see that Geoff had said he's posted instructions on how to re-write URLS, but I was unable to find that as well!)

Many thanks,

Stese

[Geoff]

You can be lazy and fudge this in the squid proxy servers hosts file. Alternatively you can rewrite the url. However you will need to use SquidGuard to do this.

[Stese]

I'd rather not have to install squid guard...

I've already got Dansguardian installed... if that helps?

[Geoff]

Hmm, actually, why do you have to do this?

[greenfieldsupport]

Id just cheat...
and make a new DNS entry in your namespace...
Tell your dns server that rmays.hants.sch.uk = *internal ip*

That way your squid will lookup the IP, and then ask your internal IP for the files...


we have a system like that here

int.greenfieldschool.net to the world = our external IP addy
int.greenfieldschool.net inside greenfield = 10.0.0.5
...

That would be my advice.
But maybe im not understanding the question....

[Stese]

@ Geoff

I want to stop internal users going out on to the net to get the school site, which is located on site with an internal IP. It also has an external IP.

Hampshire Arrange the schools on its network as a WAN, so they can technically access any machine when they like, we didn;t like that so put a firewall in between the 2 and used Class C IPs for our network, instead of the hampshire assinged addresses...

The domain .rmays.hants.sch.uk is directed to the external IP address...

Therefore, if a user types that in at the momment, it's passed through our Dansguardian and Squid Box, onto hampshire, who then redirect it the external IP.

I don't want that to happen when the user is on site. I want out squid/dansgaurdian unit to redirect that correctly.

I don't beleive that setting a DNS entry would work, since we don't use rmays.hants.sch.uk as our internal domain name. We do use Rmays.local

A DNS entry on our server would append rmays.local to the end of any doamin we put in.

please correct me if i have made any conceptual mistakes!

Thanks for your help.

[Geoff]

Ah I see. The 'right' way to fix this is to rename your internal DNS domain to reflect reality. i.e. do a domain rename to rmays.hants.sch.uk. At which point you can do a:

Code:

always_direct dstdomain .rmays.hants.sch.uk

in your squid.conf and forget about it.

[Stese]

OK,

I can understand that... Presumably i'd also need to set our DNS server to treat rmays.hants.sch.uk as one particular address, and anything else as the PC's address

say for instance our domain controller goes from rmssrv1.rmays.local to rmssrv1.rmays.hants.sch.uk.

therefore rmssrv1.rmays.hants.sch.uk woud resolve to 192.168.0.1 but rmays.hants.sch.uk 192.168.0.2

Correct?

Also, as changing the domain name is fairly important, What is the 'wrong' way to do it? I'll need to present it to the NM before i can consider it!

[Iain]

I agree with Geoff, but if you think a domain rename will be too much of a headache and don't want to install squidguard (a bit OTT just to do a simple url rewrite IMO), a very simple perl script will be able to do the substitution for you.

redirector.pl:

Code:

#! /usr/bin/perl
# enable buffer autoflush
$|=1;
# read from standard input
while (<STDIN>) { 
        # perform string substitution:
        # replace rmays.hants.sch.uk with 123.456.789.123
        s@http://rmays.hants.sch.uk@http://123.456.789.123@; 
        # print result to standard output
        print STDOUT; 
}

In your squid.conf file modify:

Code:

url_rewrite_program <path to redirector.pl>

and any of the other url_rewrite directives to meet your needs.
Restart the squid daemon and it should start redirecting rmays.hants.sch.uk requests to 123.456.789.123 (remember to change this to the IP address of the server hosting the site!)

Hope this is of some help.

Iain.

[Geoff]

Presumably i'd also need to set our DNS server to treat rmays.hants.sch.uk as one particular address

If you want to do this in DNS you'd have a CNAME redirect rmays.hants.sch.uk to www.rmays.hants.sch.uk. I'm not sure Windows DNS will like this idea.

You might be better off redirecting things on your firewall/reverse proxy (if you have one).

Also, as changing the domain name is fairly important, What is the 'wrong' way to do it? I'll need to present it to the NM before i can consider it!

There's several topics on Edugeek about domain renaming. I suggest you read them. But basically, it's fairly straightforward if you follow the MS instructions. However some care must be taken if you have Exchange.

[Stese]

Ok, thanks for the info...

@ Iain

I'm assuming there isn't a required folder to put the redirector.pl code into?

Many thanks again

Edit:

Am i to assume that the perl script would replace the address with the IP on the actual address bar? Is there a way tp keep the address as rmays.hants.... etc?

[Iain]

No, as long as the squid process as access rights to the location it should work.... I'd stick it in the same location as the squid.conf file. You'll probably have to chmod the file set the execute bit e.g.

Code:

chmod 750 redirector.pl

It shouldn't effect what appears in the addesss bar, it just tells squid to fetch the web page from a defferent location.

Iain.

[Stese]

OK, i've created the file and added the url_rewrite_program <file> into the squid.conf...

on doing a 'squid -k parse' I get an error message :

Code:

parseConfigFile: line 324 inrecognized: 'url_rewrite_program /etc/squid/redirect.pl'

:s any ideas? I couldn't find url_rewrite_program to modify... where is it roughtly?

[Iain]

I'm probably using a different version of squid to you. Maybe try redirect_program instead

Take a look at http://www.visolve.com/squid/squid24...direct_program for more info.

Iain.

[Geoff]

If you type 'squid -v' you'll get info about the version, capabilities and compile time options enabled in your squid installation. For example:

Code:

root@titan:~# squid -v
Squid Cache: Version 2.5.STABLE12
configure options:  --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-arp-acl --enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools --enable-htcp --enable-poll --enable-cache-digests --enable-underscores --enable-referer-log --enable-useragent-log --enable-auth=basic,digest,ntlm --enable-carp --with-large-files i386-debian-linux