Re: [squid-users] website access list

From: Billy Macdonald <[email protected]>
Date: Sat, 19 Jun 2004 17:26:35 -0700

Khawar Nehal wrote:

> How about asking the users to save their password in their browser.
>
> Then they shall not have to reenter or remember it.
>
>
> Elsen Marc wrote:
>
>>
>>
>>
>>>
>>>
>>>> Our company has just made it policy for everyone to have internet
>>>> access, but they need to know who goes to what sites. I am running
>>>> squid and users are using Windows desktop machines, our network uses
>>>> DHCP for IP assigning. What I was wondering is, is there a way that
>>>> I could track website access from the IP that is logged by
>>>> Squid "asking" the DHCP or WINS server who had or has this IP at a
>>>> particular time. I know it is much easier by just using SARG and
>>>> usernames, but what management does not want is to burden users with
>>>> another password and username to remember and also have to
>>>
>>> type it in
>>>
>>>
>>>> everytime they request a webpage.
>>>>
>>>
>>> You can use the MAC address of every machine to give the access to
>>> them.
>>> But you to recompile the squid with --enable-arp-acl option.
>>>
>>> Check more at
>>> http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.20
>>>
>>>
>>>
>>
>> The disadvantage about that is that SQUID can only know MAC addresses
>> from clients on the same subnet.
>> NTLM authentication could be used which does not require users to enter
>> their password (again) when using SQUID.
>>
>> M.
>>
>>
>
>
If you have DDNS in place then log-fqdn might be an option. I haven't
messed with it much.

Another option is on Windows DNS there is an option I think to forward
unresolved addresses to WINS. Combined with the log-fqdn this may work
as well.

And as a final option I would add that if you are using Internet
Explorer NTLM authentication is a possibility. That is passed
automatically from the browser to the proxy without user input. This is
our solution where I work.

Billy
Received on Sat Jun 19 2004 - 18:28:32 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT