  • I'm looking for an open source proxy solution for the company that I work for. I read online that Squid is pretty good and I noticed on my pfSense configuration at home, Squid is available as a module.

    What we need out of the proxy are the following:

    * Access Control - There should be a web interface for managers to log in and create proxy user IDs for external people
    * Good password complexity requirement
    * Lock down the allowed websites

    Does the Squid module for pfSense offer all of these?

  • Access Control - This sounds like Captive Portal would be more along the lines of what you are looking for, and yes, Captive Portal can be integrated with Squid.  You could have different ACLs for visitors logging in through the captive portal than your regular users.  Also, User IDs can be set to auto expire which sounds like it might work for your situation.

    Good PWs - I am not aware that Squid/CP/pfSense have any pw complexity requirements, however Squid can be set to use AD for authentication so you could incorporate your complexity requirements there.

    Lock down websites - yes, easily doable

  • mhab12,

    Can captive portal really integrate with Squid? Any site that I can refer that to? Is that applicable to 1.2.3?

    What do you mean by different ACL for Captive Portal visitors? Would Squid capture the login names in the way you mentioned?

  • I don't know about the word 'integrate', but they both work (well) when installed at the same time.  We have been running Squid/CP in production on 1.2.3 since its release.

    You can set up a different set of ACLs based on IP address.  If you want your CP users to be assigned a specific range, then they would also be subject to a different ACL.  We use a VLAN for CP, and that VLAN has all its IPs whitelisted so that CP provides open access, while workstations are subject to a restrictive ACL.

    As far as I know, Squid does not log the user name from the CP.  The CP log does do this.  If you cross reference the time and IP, you should be able to figure out which user accessed the pages in question.

  • Thanks for clearing my skies.

    I am cross referencing the Squid log and CP log with a script running on another Linux box. User names are inserted into the un field of the Squid log and they are parsed with lightsquid. Should be working until I complete the scripts.
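
The time-and-IP cross reference discussed in the last two posts, as an added example that is not code from the thread or from pfSense: it builds per-IP login sessions from portal events and fills the empty user column of Squid's native access.log only when a session covers the request time. The portal event layout (`epoch ACTION user ip`), all sample lines and the function names are assumptions constructed for illustration.

```python
import bisect
from collections import defaultdict

# Constructed sample data. Portal events are assumed to be pre-normalised to
# "epoch ACTION user ip" in time order (the thread does not show the CP log layout).
PORTAL_EVENTS = """\
1268211600 LOGIN alice 192.168.10.23
1268213400 LOGOUT alice 192.168.10.23
1268214000 LOGIN bob 192.168.10.23"""

# Squid native access.log: time elapsed client code/status bytes method URL user peer type
SQUID_LOG = """\
1268211000.101 120 192.168.10.23 TCP_MISS/200 5120 GET http://example.com/a - DIRECT/192.0.2.10 text/html
1268211700.512 80 192.168.10.23 TCP_MISS/200 900 GET http://example.com/b - DIRECT/192.0.2.10 text/html
1268213500.004 95 192.168.10.23 TCP_HIT/200 700 GET http://example.com/c - NONE/- text/html
1268214100.250 60 192.168.10.23 TCP_MISS/200 300 GET http://example.com/d - DIRECT/192.0.2.10 text/html
1268214100.900 60 192.168.20.5 TCP_MISS/200 300 GET http://example.com/e - DIRECT/192.0.2.10 text/html"""

def build_sessions(portal_text):
    """Return {ip: [[start, end, user], ...]} in time order; end is None while open."""
    sessions = defaultdict(list)
    for line in portal_text.splitlines():
        ts, action, user, ip = line.split()
        spans = sessions[ip]
        is_open = bool(spans) and spans[-1][1] is None
        if action == "LOGIN":
            if is_open:  # IP handed to a new login: close the stale session first
                spans[-1][1] = float(ts)
            spans.append([float(ts), None, user])
        elif action == "LOGOUT" and is_open and spans[-1][2] == user:
            spans[-1][1] = float(ts)
    return sessions

def user_at(sessions, ip, ts):
    """User whose portal session on this IP covers ts, or None (no guessing)."""
    spans = sessions.get(ip, [])
    i = bisect.bisect_right([s[0] for s in spans], ts) - 1
    hit = i >= 0 and (spans[i][1] is None or ts < spans[i][1])
    return spans[i][2] if hit else None

def annotate(squid_text, sessions):
    """Fill the empty user field (8th column) of each access.log line."""
    out = []
    for line in squid_text.splitlines():
        f = line.split()  # note: collapses Squid's column padding to single spaces
        if len(f) >= 10 and f[7] == "-":
            f[7] = user_at(sessions, f[2], float(f[0])) or "-"
        out.append(" ".join(f))
    return out
```

Requests made before a login or after a logout keep `-` rather than inheriting the nearest user, which matters when the portal range reuses addresses between visitors.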

