WebFiltering:Integration
From K12LTSP Wiki
How can I make my users' browsers use my cache without configuring the browsers for proxying?
The Squid FAQ describes a number of ways to do transparent/interception caching with squid: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
Can I do transparent/interception caching on a terminal server?
Yes and no. The simple answer is no, you need the filter to be running on a seperate server.
If you have squid/squidGuard running on a seperate server, you can redirect out-bound web traffic from the terminal server to the proxy/filter server. Here is the iptables black-magic to make this work:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128 iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
where 192.168.1.1 is the IP Address of the proxy/filter server
Can I firewall off out-bound port 80, so that users are forced to used the proxy?
This works only if you have the proxy/filter on a seperate server. If you try doing this on the terminal server, you'll firewall off the proxy as well.
Can I force my user's to login to the proxy before they can use the web?
If you are doing transparent/interception caching, the answer is no.
If you are not doing transparent/interception caching, take a look at the Squid FAQ for several authentication methods: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html
