#1  
Old 22nd February 2006, 17:01
alterself alterself is offline
Junior Member
 
Join Date: Feb 2006
Location: Iowa
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to alterself Send a message via Yahoo to alterself
Default AUP w/ squid redirections

I am an 'advanced' linux/network admin looking for assistance...
I have a gentoo linux box w/ iptables redirecting all traffic through it to the local squid box. I would like to have people 'agree' to an AUP (acceptable use policy) before they are able to access the internet. (like a hotel does)
I have been scouring the internet for answers to this and have (so far) come up with nothing.
Any help would be greatly appreciated.
In the meantime I will be browsing the forums here and answering some questions.
thanks!
Reply With Quote
Sponsored Links
  #2  
Old 22nd February 2006, 19:07
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

You could set up an Apache, and if people come there the first time, they see the AUP, and after they've accepted it, you could use Apache's proxy module to fetch the content from Squid. Something like
Code:
ProxyPassReverse / http://<squid_server>:8080/
in combination with rewrite rules...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 22nd February 2006, 19:58
alterself alterself is offline
Junior Member
 
Join Date: Feb 2006
Location: Iowa
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to alterself Send a message via Yahoo to alterself
Default

hm...ok. I have apache already running on the box, but do not have that module right now. I will have to research that, but it sounds as if that would work.
Would all the traffic then go though apache as well as squid?
Reply With Quote
  #4  
Old 23rd February 2006, 00:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Quote:
Originally Posted by alterself
Would all the traffic then go though apache as well as squid?
Yes. I don't know any other solution right now...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 23rd February 2006, 02:03
alterself alterself is offline
Junior Member
 
Join Date: Feb 2006
Location: Iowa
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to alterself Send a message via Yahoo to alterself
Default

hmm...ok, i think that would add a little too much load on apache, but the server is a big boy... so anyway, do you have any idea how they manage to do it at hotels and other 'public' access networks?

Let me give you more details. This network is on a vlan of the hospital network (on which i am the admin) and this vlan is going to be for public access (wireless and wired). We need/want to be able to make people agree to an AUP first. I already have the public network going through the squid box via iptables (transparently) as i stated already. This box is running apache, and many other GPL'd based software as well.

SO, if you have any other ideas (im still workin on the apache module) please let me know.
thanks!
Reply With Quote
  #6  
Old 23rd February 2006, 08:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Quote:
Originally Posted by alterself
hmm...ok, i think that would add a little too much load on apache, but the server is a big boy... so anyway, do you have any idea how they manage to do it at hotels and other 'public' access networks?
No, not really.
Another solution might be that you make Squid redirect the first request from every client to your AUP page by manipulating the fist DNS query...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 23rd February 2006, 16:21
alterself alterself is offline
Junior Member
 
Join Date: Feb 2006
Location: Iowa
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to alterself Send a message via Yahoo to alterself
Default

ok. all these ideas sound great, and no offence to you, as you have been a great help, but I need working solutions. I have asked this question other places and scoured the net for answers, and all anyone has is theories...

I think the dns query would be a good way to do it, but how would it get straighted out that it was the 'first' time that machine had been on that network, so that it didnt just randomly kick users back to the AUP?

This may turn out to be completly futile after all.
Reply With Quote
  #8  
Old 23rd February 2006, 17:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

I can't give you an out-of-the-box solution as I've never done something like this before. I can only give you food for thought...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 23rd February 2006, 19:26
alterself alterself is offline
Junior Member
 
Join Date: Feb 2006
Location: Iowa
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to alterself Send a message via Yahoo to alterself
 
Default

Quote:
Originally Posted by falko
I can't give you an out-of-the-box solution as I've never done something like this before. I can only give you food for thought...
...yes i know that (now). As I said, I do appreciate the ideas.
Hopefully we can get a few other people to pick up on this thread and provide some feedback.

Somewhere out there someone other me has had to have wanted to do this. [and got it to work...]

thanks again!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Problem.....Access Denied tbaker HOWTO-Related Questions 3 4th February 2006 14:46
HowTo Limit Squid Bandwidth? daniel_rodriguez Server Operation 0 16th January 2006 19:20
Squid as a Reverse Proxy for ISPconfig on the same machine RotHorseKid Installation/Configuration 15 7th December 2005 19:24
Secure and Private Browsing with Squid bernd HOWTO-Related Questions 1 24th May 2005 03:31


All times are GMT +2. The time now is 23:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.