AUP w/ squid redirections

[alterself]

I am an 'advanced' linux/network admin looking for assistance...
I have a gentoo linux box w/ iptables redirecting all traffic through it to the local squid box. I would like to have people 'agree' to an AUP (acceptable use policy) before they are able to access the internet. (like a hotel does)
I have been scouring the internet for answers to this and have (so far) come up with nothing.
Any help would be greatly appreciated.
In the meantime I will be browsing the forums here and answering some questions.
thanks!

[falko]

You could set up an Apache, and if people come there the first time, they see the AUP, and after they've accepted it, you could use Apache's proxy module to fetch the content from Squid. Something like

Code:

ProxyPassReverse / http://<squid_server>:8080/

in combination with rewrite rules...

[alterself]

hm...ok. I have apache already running on the box, but do not have that module right now. I will have to research that, but it sounds as if that would work.
Would all the traffic then go though apache as well as squid?

[falko]

Quote:

Originally Posted by alterself

Would all the traffic then go though apache as well as squid?

Yes. I don't know any other solution right now...

[alterself]

hmm...ok, i think that would add a little too much load on apache, but the server is a big boy... so anyway, do you have any idea how they manage to do it at hotels and other 'public' access networks?

Let me give you more details. This network is on a vlan of the hospital network (on which i am the admin) and this vlan is going to be for public access (wireless and wired). We need/want to be able to make people agree to an AUP first. I already have the public network going through the squid box via iptables (transparently) as i stated already. This box is running apache, and many other GPL'd based software as well.

SO, if you have any other ideas (im still workin on the apache module) please let me know.
thanks!

[falko]

Quote:

Originally Posted by alterself

hmm...ok, i think that would add a little too much load on apache, but the server is a big boy... so anyway, do you have any idea how they manage to do it at hotels and other 'public' access networks?

No, not really.
Another solution might be that you make Squid redirect the first request from every client to your AUP page by manipulating the fist DNS query...

[alterself]

ok. all these ideas sound great, and no offence to you, as you have been a great help, but I need working solutions. I have asked this question other places and scoured the net for answers, and all anyone has is theories...

I think the dns query would be a good way to do it, but how would it get straighted out that it was the 'first' time that machine had been on that network, so that it didnt just randomly kick users back to the AUP?

This may turn out to be completly futile after all.

[falko]

I can't give you an out-of-the-box solution as I've never done something like this before. I can only give you food for thought...

[alterself]

Quote:

Originally Posted by falko

I can't give you an out-of-the-box solution as I've never done something like this before. I can only give you food for thought...

...yes i know that (now). As I said, I do appreciate the ideas.
Hopefully we can get a few other people to pick up on this thread and provide some feedback.

Somewhere out there someone other me has had to have wanted to do this. [and got it to work...]

thanks again!