3

I want to setup squid proxy server to be used without manually configuring the browser to use a proxy. For example I should be able to do this in the browser address bar: htttp://squidserverip:3128/www.serverfault.com. It did not work for me with my basic squid configuration.

What I want is a basic http proxy server with some authentication feature. When the users put the url of the proxy server in the browser address bar (e.g. www.proxyserver.net), on getting authenticated, it will display a list of urls that can be accessed through the proxy. Clicking on those urls will fetch those sites through the proxy.

nixnotwin
  • 1,543
  • 5
  • 35
  • 55
  • It seems that you need web server instead of proxy server. The web page will show you the allowed URLs and then fetch them for you when requested. The page can be protected with username/password (authenticated). – Khaled Feb 14 '12 at 07:49
  • I'm pretty sure this is what you are looking for: http://en.wikipedia.org/wiki/Proxy_auto-config . Your DHCP server can then announce the presence of the PAC file via dhcp option 252. You should read up on how to configure your specific DHCP server to do that – Cillier Oct 15 '13 at 16:07
  • My guy, you have one to many "t"s in "http" XD! That might help you a bit! – html_java Nov 04 '20 at 19:24

4 Answers4

0

WARNING: OLD ANSWERS

While ab77 and Ciller have given 2 different methods to provide what you actually asked for, there are some caveats.

  1. Using the transparent proxy method requires you to change the default route on clients. Traffic other than HTTP and HTTPS will not be routed via the proxy. Further, most sites now use HTTPS. While squid can be configured to generate certificates on the fly (Google "squid ssl bump") this is not trivial to setup, undermines the security of connections and requires your chosen CA cert to be installed on all clients.

  2. Using a PAC file is generally a much better approach, but depends on provisioning addresses via DHCP.

symcbean
  • 21,009
  • 1
  • 31
  • 52
0

You most likely want something along the lines of an HTTP/web-based proxy. Something like the discontinued PHProxy would do what you're after.

http://sourceforge.net/projects/poxy/

Ashley
  • 648
  • 1
  • 6
  • 15
  • Hi @nixnotwin...did you ever find something that worked for you? Would appreciate some feedback. Cheers. – Ashley Apr 01 '12 at 10:34
0

The bit about not manually configuring the browser, can be achieved by setting up your network to transparently redirect all HTTP requests (note: not HTTPS) to your squid proxy. Search for "transparent proxy redirection iptables" on this forum for an example on how to do it with iptables.

Once your user is redirected to the proxy server, you can use ACLs in squid to block certain URLs, while allowing others. You should also be able to configure a custom error page is squid to achieve your "captive portal", where you would list URLs a user has permissions to access.

Alternatively, these sorts of features are baked into most entry-level Enterprise firewalls, such as FortiGate. You may want to look into that as well..

-- ab1

ab77
  • 625
  • 4
  • 7
0
  1. Write a PAC file that mimics your requirements
  2. Host that file on a server somewhere on your LAN
  3. Configure your DHCP server to announce the location of that PAC file
  4. Configure the broswers on your LAN to use "Automatic Proxy Configuration Settings" ( In your browser options )

Some relevant links:

http://www-archive.mozilla.org/catalog/end-user/customizing/enduserPAC.html

http://en.wikipedia.org/wiki/Proxy_auto-config

http://technet.microsoft.com/en-us/library/dd361887.aspx

Cillier
  • 214
  • 1
  • 3