Squid Proxy User Auth & Logging Mechanism

[Nishith Vyas]

Hello,

Presently,  SQUID PROXY Server is running properly since 3+ years. Now, I would like to implement below configuration using "Native Squid Utility" or any "Open source tool"

The requirement is,

1) User based internet authentication in SQUID
     Example: Every user have to give proper user name & password to access websites.

2) Group wise internet access.
     Example: 10 Users should be able to access 3/4 websites only. Rest all sites shall be blocked for the particular group only.

I am using "SARG" to get IP Wise Internet usage. So, is it possible to get "user wise" HTML Reports using SQUID? I have already gone through various "open source web content filter tools",but didn't find proper documentation as per the need.

Some of the tools i have checked are,

untangle
ebox
clearos
pfsense
smoothwall community

Let me know if someone is having such solution.



Regards,
Nishith N.Vyas

[puli puli]

Hi,

Try with Endianfirewall....you can integrate with active directory for user based internet access.

Thanks,
Puli

--
--
Please read http://www.catb.org/~esr/faqs/smart-questions.html before posting.
You received this message because you are subscribed to the "Vibrant GNU/Linux User Group".
To stop receiving emails from this group, mail to VGLUG+un...@googlegroups.com
To post to this group, send email to VG...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/VGLUG
 
 
 

[ElectroMech]

Hi,

On Thu, Aug 16, 2012 at 5:07 PM, Nishith Vyas <nishit...@gmail.com> wrote:

Hello,

Presently,  SQUID PROXY Server is running properly since 3+ years. Now, I would like to implement below configuration using "Native Squid Utility" or any "Open source tool"

The requirement is,

1) User based internet authentication in SQUID
     Example: Every user have to give proper user name & password to access websites.

This is built in facility in squid, better you try to use ldap or if you have ADS, use directory service authentication with squid.
 

2) Group wise internet access.
     Example: 10 Users should be able to access 3/4 websites only. Rest all sites shall be blocked for the particular group only.

You can create the same with squid acl and restrict them.
 

I am using "SARG" to get IP Wise Internet usage. So, is it possible to get "user wise" HTML Reports using SQUID? I have already gone through various "open source web content filter tools",but didn't find proper documentation as per the need.

Once the log entry will display user name (as authentication started) SARG will automatically do that, you do not need to install any extra packages.
 
SARG have built in capabilities, it can give reports based on IP or USER name.

Some of the tools i have checked are,

untangle
ebox
clearos
pfsense
smoothwall community

Do not require any of the above, it is built in facility.
 

Let me know if someone is having such solution.



Regards,
Nishith N.Vyas

--

Thanks and Regards.
--
--
Nilesh Vaghela
(RHCSA RHCE)
ElectroMech Corporation
Redhat Channel Partner and Training Partner
302, New York Plaza, Opp Judges Bunglow, Bodakdev, Ahmedabad
22, 1st Floor, Vardhaman Complex, Subhanpura , Baroda.
www.electromech.info

[Vishal Joshi]

Hello Nishith bhai,

On Thu, Aug 16, 2012 at 5:07 PM, Nishith Vyas <nishit...@gmail.com> wrote:

Hello,

Presently,  SQUID PROXY Server is running properly since 3+ years. Now, I would like to implement below configuration using "Native Squid Utility" or any "Open source tool"

The requirement is,

1) User based internet authentication in SQUID
     Example: Every user have to give proper user name & password to access websites.

2) Group wise internet access.
     Example: 10 Users should be able to access 3/4 websites only. Rest all sites shall be blocked for the particular group only.

Please see the below link

Squid with LDAP

Hope it helps.

 

I am using "SARG" to get IP Wise Internet usage. So, is it possible to get "user wise" HTML Reports using SQUID? I have already gone through various "open source web content filter tools",but didn't find proper documentation as per the need.

Some of the tools i have checked are,

untangle
ebox
clearos
pfsense
smoothwall community

Let me know if someone is having such solution.



Regards,
Nishith N.Vyas

--

[Nishith Vyas]

Hello All,

I have configured "NCSA_AUTH" mechanism to make "User level Authentication" in SQUID. Now, trying to make different type of ACL's in SQUID.

Now, SQUID is already working in Transparent mode with "iptables NAT" Rule. As it is a fact that "User Authentication" don't work in "Transparent Mode". So, is it possible to get "Banned Website Logs in SARG or LIGHTSQUID" ?

Regards,

Nishith N.Vyas

[Nishith Vyas]

Hello,

I have blocked some "community sites" in Squid Configurations & working fine. For Example, I have blocked "facebook.com" & "Squid Access Log" is showing "TCP_DENIED" Message, if someone tries to access "facebook".

Now, I want to fetch "TCP_DENIED" data from access log file & want to get such DENIED output in a seperate file or show up in GUI mode i.e. "lightsquid" or "SARG".

is it possible?

---
Nishith N.Vyas

[KING VIKAS MASKE]

Dear
         Nishith N.Vyas Sir

1) User based internet authentication in SQUID

     Example: Every user have to give proper user name & password to access websites.

- Pam is more better than ncsa
Enter the following ACLE and ACRs

acl KnownUsers proxy_auth REQUIRED   


     http_access allow KnownUsers
       http_access deny all


*copy the attached file to /etc/pam.d to work above acl

Group wise internet access.
     Example: 10 Users should be able to access 3/4 websites only. Rest all sites shall be blocked for the particular group only.

Squidguard is best option.
I am using the same but not configured group wise.

http://www.squidguard.org/
http://dansguardian.org/

[Nishith Vyas]

What about TCP_DENIED Message view in GUI Mode?