Revision: 6135
http://ipcop.svn.sourceforge.net/ipcop/?rev=6135&view=rev
Author: eoberlander
Date: 2011-11-27 17:56:34 +0000 (Sun, 27 Nov 2011)
Log Message:
-----------
Move CRE section to later Proxy chapter.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/xml/proxy.xml
IPCopDoc/trunk/en/admin/xml/services.xml
Modified: IPCopDoc/trunk/en/admin/xml/proxy.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-11-27 15:31:41 UTC (rev
6134)
+++ IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-11-27 17:56:34 UTC (rev
6135)
@@ -39,6 +39,11 @@
<link linkend="proxy-auth-radius"><guimenuitem>RADIUS
Authentication</guimenuitem></link>
</para>
</listitem>
+ <listitem>
+ <para>
+ <link linkend="proxy-cre"><guimenuitem>Classroom
extensions</guimenuitem></link>
+ </para>
+ </listitem>
</itemizedlist>
</para>
@@ -77,4 +82,221 @@
</para>
</sect2>
+ <sect2 id="proxy-cre">
+ <title>Classroom extensions</title>
+ <para>
+ The ClassRoom Extensions (CRE) to the proxy server
+ give you the ability to delegate administrative tasks to
+ non-administrative users through a separate Web Access
+ Management page.
+ </para>
+ <para>
+ The CRE offers these features:
+ </para>
+ <para>
+ Full web based access management
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Predefined client groups can be turned on or off using a
+ standard web browser.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ All administrative CRE options are accessible and
configurable
+ within the web based IPCop GUI.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Different security levels
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Web Access Management rights can be controlled by password
+ and/or by network address.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ No administrative privileges to the IPCop GUI required for
the
+ Web Access Management.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The Supervisor cannot override any proxy server based
+ restrictions set by the IPCop Admin.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Flexible configuration
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The IPCop Admin can define client groups with MAC
addresses,
+ single IP addresses, IP ranges, subnets or even all of
them.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ The CRE creates a new role, between that of Admin and Users:
+ the Supervisor.
+ </para>
+ <para>
+ The Supervisor can turn on and off web access for predefined
+ groups (e.g. specific computers in a classroom)
+ without the need to have administrative access rights,
+ or knowledge of, the IPCop GUI.
+ </para>
+ <para>
+ The Web Access Management Interface can be started from any
+ client computer.
+ Open a web browser and enter the URL
+ <ulink
url="https://192.168.1.1:8443/cgi-bin/webaccess.cgi";>https://192.168.1.1:8443/cgi-bin/webaccess.cgi</ulink>
+ (replacing the 192.168.1.1 with the IP Address of your IPCop).
+ </para>
+ <para>
+ If the Web Access Management Interface has not yet been enabled
+ by the Admin, you'll see this text:
+ <quote>The management interface has been disabled by the
+ Administrator</quote>.
+ </para>
+ <para>
+ If the Web Access Management Interface has been enabled,
+ but the Admin has not defined any groups, you will see this
+ text: <quote>There are no access groups available</quote>.
+ </para>
+
+ <sect3 id="proxy-cre-configuration">
+ <title>Classroom extensions configuration</title>
+ <para>
+ The classroom extensions are enabled/disabled and configured
on the
+ <link linkend="services-webproxy">proxy server</link>
+ web page.
+ </para>
+ <para>
+ After making any changes, remember to press the
+ <guibutton>Save</guibutton> button to apply them.
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-cre.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-cre.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Classroom extensions configuration</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>Enabled</guilabel></title>
+ <para>
+ Check this box to enable the Supervisor Web Access
+ Management Interface.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Supervisor password</guilabel>
(optional)</title>
+ <para>
+ When this password is set, all Supervisor users must enter
+ the password to manage web access.
+ This is optional, but for security reasons, either set a
+ Supervisor password, or define Supervisor IP addresses.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Supervisor IP addresses (one per
line)</guilabel> (optional)</title>
+ <para>
+ This field allows you to define the IP addresses that will
+ be able to manage web access.
+ This is an optional configuration item which can be used
to
+ increase security, or to simplify management,
+ if you don't want to configure a Supervisor password.
+ </para>
+ </formalpara>
+ <para>
+ For example, add these IP addresses, if you want to
+ allow them Supervisor access:
+ </para>
+ <screen><computeroutput>192.168.1.20
+192.168.1.30</computeroutput></screen>
+ <para>
+ The highest level of security is achieved when both a
Supervisor
+ password is set, and IP restrictions are applied.
+ </para>
+ <formalpara>
+ <title><guilabel>Classroom group definitions</guilabel></title>
+ <para>
+ Your classroom group definitions are entered in this field.
+ A classroom group definition takes this format:
+ </para>
+ </formalpara>
+ <screen><computeroutput>[groupname]
+client MAC address or client IP address or IP range or IP subnet
+client MAC address or client IP address or IP range or IP subnet
+client MAC address or client IP address or IP range or IP
subnet</computeroutput></screen>
+ <para>
+ So, for example, you might have a pair of group definitions
+ like this:
+ </para>
+ <screen><computeroutput>[Example group 1]
+192.168.1.11
+192.168.1.12
+192.168.1.13
+[Example group 2]
+192.168.1.21-192.168.1.25</computeroutput></screen>
+ <para>
+ Each group has a 'groupname', which must be unique.
+ The groupname is the part of the group definition between the
+ square brackets.
+ The name will appear in the web access management interface.
+ </para>
+ <para>
+ Each group can have an unlimited number of client definitions.
+ You can use mixed client definitions within a group,
+ but each definition must be in a single line.
+ Here are some examples:
+ </para>
+ <para>
+ Single host - MAC Address
+ </para>
+ <screen><computeroutput>01:23:45:67:89:0A</computeroutput></screen>
+ <para>
+ Single host - IP Address
+ </para>
+ <screen><computeroutput>192.168.1.11</computeroutput></screen>
+ <para>
+ Host range
+ </para>
+
<screen><computeroutput>192.168.1.21-192.168.1.25</computeroutput></screen>
+ <para>
+ Subnet (netmask notation)
+ </para>
+
<screen><computeroutput>192.168.1.32/255.255.255.240</computeroutput></screen>
+ <para>
+ Subnet (CIDR notation)
+ </para>
+ <screen><computeroutput>192.168.1.32/28</computeroutput></screen>
+ </sect3>
+
+ <sect3 id="proxy-cre-security">
+ <title>CRE security levels</title>
+ <para>
+ Content to follow...
+ </para>
+ </sect3>
+
+ </sect2>
+
</sect1>
Modified: IPCopDoc/trunk/en/admin/xml/services.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/services.xml 2011-11-27 15:31:41 UTC (rev
6134)
+++ IPCopDoc/trunk/en/admin/xml/services.xml 2011-11-27 17:56:34 UTC (rev
6135)
@@ -504,146 +504,9 @@
</para>
<para>
See the
-<!-- <link linkend="proxy-cre">Classroom extensions</link>
---> Classroom extensions [<emphasis>link to
follow...</emphasis>]
+ <link linkend="proxy-cre">Classroom extensions</link>
section for further information.
</para>
-<!-- section to be moved to proxy chapter
- <para>
- The CRE creates a new role, between that of Admin and Users:
- the Supervisor.
- </para>
- <para>
- The Supervisor can turn on and off web access for predefined
- groups (e.g. specific computers in a classroom)
- without the need to have administrative access rights,
- or knowledge of, the IPCop GUI.
- </para>
- <para>
- The Web Access Management Interface can be started from any
- client computer.
- Open a web browser and enter the URL
- <ulink
url="https://192.168.1.1:8443/cgi-bin/webaccess.cgi";>https://192.168.1.1:8443/cgi-bin/webaccess.cgi</ulink>
- (replacing the 192.168.1.1 with the IP Address of your IPCop).
- </para>
- <para>
- If the Web Access Management Interface has not been yet
enabled
- by the Admin, you'll see this text:
- <quote>The management interface has been disabled by the
- Administrator</quote>.
- </para>
- <para>
- If the Web Access Management Interface has been enabled,
- but the Admin has not defined any groups, you will see this
- text: <quote>There are no access groups available</quote>.
- </para>
- <para>
- <figure id="v2.services.013">
- <title>Web proxy - Classroom extensions configuration
Section</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;proxy-cre.&imageext;"
- format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;proxy-cre.&imageext;"
format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>Classroom extensions configuration</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <formalpara>
- <title><guilabel>Enabled</guilabel></title>
- <para>
- Check this box to enable the Supervisor management
interface.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Supervisor password</guilabel>
(optional)</title>
- <para>
- When this password is set, all Supervisor users must enter
- the password to manage web access.
- This is optional, but for security reasons, either set a
- Supervisor password, or define Supervisor IP addresses.
- </para>
- </formalpara>
- <formalpara>
- <title><guilabel>Supervisor IP addresses (one per
line)</guilabel> (optional)</title>
- <para>
- This field allows you to define the IP addresses that will
- be able to manage web access.
- This is an optional configuration item which can be used
to
- increase security, or to simplify management,
- if you don't want to configure a Supervisor password.
- </para>
- </formalpara>
- <para>
- For example, add these IP addresses, if you want to
- allow them Supervisor access:
- </para>
- <screen><computeroutput>192.168.1.20
-192.168.1.30</computeroutput></screen>
- <para>
- The highest level of security is achieved when both a
Supervisor
- password is set, and IP restrictions are applied.
- </para>
- <formalpara>
- <title><guilabel>Classroom group definitions</guilabel></title>
- <para>
- Your classroom group definitions are entered in this field.
- A classroom group definition takes this format:
- </para>
- </formalpara>
- <screen><computeroutput>[groupname]
-client MAC address or client IP address or IP range or IP subnet
-client MAC address or client IP address or IP range or IP subnet
-client MAC address or client IP address or IP range or IP
subnet</computeroutput></screen>
- <para>
- So, for example, you might have a pair of group definitions
- like this:
- </para>
- <screen><computeroutput>[Example group 1]
-192.168.1.11
-192.168.1.12
-192.168.1.13
-[Example group 2]
-192.168.1.21-192.168.1.25</computeroutput></screen>
- <para>
- Each group has a 'groupname', which must be unique.
- The groupname is the part of the group definition between the
- square brackets.
- The name will appear in the web access management interface.
- </para>
- <para>
- Each group can have an unlimited number of client definitions.
- You can use mixed client definitions within a group,
- but each definition must be in a single line.
- Here are some examples:
- </para>
- <para>
- Single host - MAC Address
- </para>
- <screen><computeroutput>01:23:45:67:89:0A</computeroutput></screen>
- <para>
- Single host - IP Address
- </para>
- <screen><computeroutput>192.168.1.11</computeroutput></screen>
- <para>
- Host range
- </para>
-
<screen><computeroutput>192.168.1.21-192.168.1.25</computeroutput></screen>
- <para>
- Subnet (netmask notation)
- </para>
-
<screen><computeroutput>192.168.1.32/255.255.255.240</computeroutput></screen>
- <para>
- Subnet (CIDR notation)
- </para>
- <screen><computeroutput>192.168.1.32/28</computeroutput></screen>
- -->
</sect3>
<sect3 id="services-webproxy-time">
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
