I think I have seen solutions which use a combination of DNS
wildcards and 302 redirects. This would prevent anyone from removing
the proxy to circumvent the system.
Basically, DNS would return the ip of kiosk.mydomain.edu for any host
not in *.mydomain.edu. The webserver on kiosk.mydomain.edu would
have a wildcard virtual domain that redirects all traffic to the
kiosk.mydomain.edu virtual domain which actually serves the content.
The general concept shares ideas with a "captive portal" so you might
want to look at solutions offered in that arena.
Also, depending on the network topology of your intranet, you might
be able to get by without a default gateway.
Cheers,
Steven
On Jun 8, 2006, at 7:51 PM, Matt Pusateri wrote:
Squidguard is another add-in to squid and can allow you to filter on
regular expressions. You might also look at privoxy. I would also
make sure your firewall disallows those kiosk machines access to the
internet and redirects them to the proxy.
Matt P.
On Thu, June 8, 2006 1:46 pm, Michael Tharp wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm sure squid can do that with its ACL system. You may want to give
it a shot, but be prepared for a long session with the manual. Also
you could maybe do something with nameservers (so they can't look up
domains outside of that one), but other than those two there aren't
too many options.
Byarlay, Wayne A. wrote:
Hi All,
I'm googling this, as any good admin should, but it's an area I
figured
some quick brain at TriLUG would be willing to point me to a
quicker,
cleaner solution.
Situation: I have many public WinXP Kiosk machines, with IE as the
only
thing a walk-up customer can access. I would like this IE to be
using a
Proxy, so that if they try to access anything other than
*.mydomain.edu,
it points them to kiosk.mydomain.edu.
I am familiar with Apache, and have a few linux machines running a
few
Apache servers, but I've not done a Proxy before. Is this the proper
method to do such a thing? (A proxy, as opposed to something else?)
If
so what proxy would you recommend and can you additionally post a
URL
that explains how to set up such a thing?
Like I said earlier I am also googling this, but even if you point
me in
the approximate general direction, I will... be thankful.
WAB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEiGJhmMLUGdc9Js8RAjM5AKChwKGns61q7+j8HW3YIz+xXCSCagCfW9+E
VZeGhsEb4d+OBqKDBHG63oU=
=PtG4
-----END PGP SIGNATURE-----
--
TriLUG mailing list :
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/
trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
