Home / server / Questions / 128509
Accepted
Knight Samar
Asked: 2010-04-02 07:49:03 +0800 CST

Routing and authenticating all access through squid

  • 772

I want to route all Internet access in my network through a Squid proxy server and authenticate and log all users. I want this to be a client-independent setting so that no one needs to do anything on their browsers or machines.

I have set my network gateway as the proxy server so that all traffic will be sent to it. I have done this using options in DHCP server.

  1. Now I tried using squid as a transparent proxy, but then it won't authenticate in that mode.
  2. I tried using iptables to route all traffic to port 3128 but it won't popup the authentication dialog box from SQUID.

  3. I tried telling DHCP to give WPAD to all clients by placing a WPAD file on a webserver containing the following for automatic proxy configuration on clients:

    Changes in dhcpd.conf

option wpad code 252 =test;

option wpad "\n\000";

option wpad "http://192.168.1.5/wpad.dat\n";

The WPAD file:

function FindProxyForURL(url,host)

{

return "PROXY squid-server-ip-address:3128 ; DIRECT ";

}

But the browsers (different versions of Firefox and IE) seem to ignore it. :(

What should I do ?

proxy squid internet gateway

1 Answers

  1. Best Answer

    Think your DHCP options may be off... From: http://www.wlug.org.nz/WPAD

    Add the following to your /etc/dhcpd.conf:

    option option-252
    "http://wpad.host.co.nz/proxy.pac";

    With ISC DHCP v3+, option-# options don't work. You have to do this in the global section of your configuration:

    option wpad-url code 252 = text;
    (define a new option)

    And add this in either the global or appropriate subnet section(s) of your configuration:

    option wpad-url
    "http://wpad.my.domain.tld/proxy.pac\n"; (use new option)

    Also, you will find that auth in transparent mode in squid is not really possible. Some commercial web filters do work around this (indeed I work for SmoothWall, one such filter).

    • 2