Can I use Routix NetCom for http filter and redirection to another content?


Rick

Aug 5, 2008, 1:24:44 PM
to Routix
Can I do something like this?

1. Install on a gateway computer.
2. Check URL submissions from clients on the network against a blacklist
of sites and/or IPs and IP ranges.
3. If a match occurs, redirect people to customized pages like "Access
Denied. This site may contain virus" or "This is a porn site. I am
watching you...".

:)

Routix.net

Aug 6, 2008, 1:32:25 AM
to Routix
This is not possible because no URL conditions exist in the program.
There are URL actions only.
For your scenario you'll use SquidNT in transparent mode and forward/map
all incoming packets on port 80 to a SquidNT port.

How to create the forward/mapping rule?

Conditions:
- Interfaces: All incoming packets through = LAN NIC
- Protocols: = TCP
- Ports: Destination port = 80 (or in range = needed HTTP ports)
- Add IP conditions if needed

Actions:
- Replace source port = Automatically
- Replace destination port = 3128 (or other on which SquidNT listens)
- Add data about packet to the NAT table = Enabled

Also you can replace the destination IP if SquidNT is installed on another
machine of your LAN.

Now you can create URL filtering rules/expressions in SquidNT and also
show the needed DENY page to users.
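
The SquidNT side of the setup described in the reply above, as an added example that is not part of the original post or of any Routix or SquidNT documentation. It assumes a Squid 2.6/2.7 based SquidNT build; the file path, ACL names, error page names and sample addresses are constructed for illustration.

```conf
# squid.conf fragment (assumed: Squid 2.6/2.7 syntax).
# All paths, ACL names, page names and addresses below are constructed.

# Port that the forward/mapping rule rewrites port 80 traffic to.
# "transparent" is the 2.6/2.7 keyword; Squid 3.1 and later use "intercept".
http_port 3128 transparent

# Clients on the LAN (the thread uses 192.168.*.*).
acl lan src 192.168.0.0/16

# Blacklist by site: one domain per line in the file, e.g. ".example.com"
# (a leading dot also matches subdomains).
acl blocked_domains dstdomain "c:/squid/etc/blocked_domains.txt"

# Blacklist by destination IP or IP range (documentation ranges as samples).
acl blocked_nets dst 203.0.113.0/24 198.51.100.7

# Custom DENY page per blacklist. Squid picks the deny_info entry for the
# last ACL named on the http_access line that denied the request.
deny_info ERR_BLOCKED_DOMAIN blocked_domains
deny_info ERR_BLOCKED_NET blocked_nets

# http_access lines are evaluated top to bottom; the first match wins,
# so the deny lines must come before the LAN allow line.
http_access deny blocked_domains
http_access deny blocked_nets
http_access allow lan
http_access deny all
```

The two `ERR_` names refer to HTML template files placed in Squid's configured `error_directory`; that is where the customized "Access Denied" text goes.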

Rick

Aug 6, 2008, 8:42:25 AM
to Routix
Ok.

Can I set the following? 1 and 2 at the same time:

1. I wish to limit the speed of port 80 downloads to 10kb/s for each client
(100kb = 10 browsers), except in "happy hours", where I can set
downloads to 20kb/s.
2. I wish to pass through SquidNT rules from 8:00am to 8:00pm; the rest will go
direct. (Happy hours)

Routix.net

Aug 6, 2008, 9:12:35 AM
to Routix
Yes.
But for speed limiting, two rules per client are needed.
Below all the speed limiting rules for clients you'll create one rule
for SquidNT.
Note: rules with packet action "None" can successfully limit bandwidth
and push packets to the next rules.

For example:

Create rule "Client 1 speed"
In this rule set the needed conditions like the IP of the client, time and others,
and packet action "None".
Set the bandwidth limit.

Create rule "Client 1 speed happy hours"
Same as the previous rule but with a different speed limit and the time of happy
hours.

Create two rules for each other client as described above but with
changed IP conditions.

Below all the client rules create a SquidNT rule which will be valid in
the specified time. If the time does not match, this rule will be skipped and
the packet will be pushed to the next rule.

Have I explained it clearly?
Sorry, but my English is not good.

Rick

Aug 6, 2008, 9:39:33 AM
to Routix
Sure. I can clearly understand you. And by the way, English is not my
native language either, so sometimes I write "unusual" English
expressions too. :)

But...

I don't want to set a pair of rules for EACH client. I want to set a
more generic rule that covers ALL those clients, something like:

- If packet (comes from the ADAPTER1 (LAN)) and (destination port is
80) and (destination IP is not 192.168.*.*) and (time is between 8:00
and 19:59) then limit speed to 10kb
- If packet (comes from the ADAPTER1 (LAN)) and (destination port is
80) and (destination IP is not 192.168.*.*) and (time is between 8:00
and 19:59) then route the packet to SQUIDNT
- If packet (comes from the ADAPTER1 (LAN)) and (destination port is
80) and (destination IP is not 192.168.*.*) and (time is not between
8:00 and 19:59) then limit speed to 20kb

Routix.net

Aug 6, 2008, 9:59:32 AM
to Routix
You must understand: bandwidth can be limited PER-RULE but not
per-connection and not per-client. For this reason your generic rule can
limit bandwidth for all clients to 10 or 20 KB.