Solved

proxy servers - approved sites based on user id

Posted on 2004-09-27
10
238 Views
Last Modified: 2010-04-10
The uS internet browser, ie6, has an approved sites option that allows
us to control user access to the internet.  You can white list or black list.
We needed to apply a user based list of approved sites at login.
Turns out, can't be done, so what  about the proxy route?

Is it possible for a proxy server to inspect a http request header, and allow/disallow
internet site access based on information contained in the header?  I believe it
is possible to include the user id in this header (per the ie administration kit).

Is it possible for a proxy server to base the access decision on a program/script
we design?  It may be that the user id cannot be placed in the http request header.
In that case will have to go out and discover ourselves who is logged in.

Are there free/inexpensive proxy servers available.   We have 200 users.
Lightning speed is not an issue here.  

We do not use static ips.  Users can login at any machine.
0
Comment
Question by:hank1
10 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12160869
You could do that with a web filtering software like surfcontrol, or if you want something free, you could use the Squid Proxy, wich is free, and runs on a linux box..

(Surfcontrol)
http://www.surfcontrol.com/products/web/

Squid (free):
http://www.squid-cache.org/
0
 
LVL 2

Accepted Solution

by:
ndy78 earned 50 total points
ID: 12162638
As far as I am informed this is only possible using Microsoft ISA Server 2000 / 2004. I  am using it in a campus environment where different access rules apply to teachers and students. It is even possible to open ports on a user / group basis. And after all it's an easy to use proxy / gateway.

HTH,
Andy.
0
 
LVL 5

Expert Comment

by:swinterborn
ID: 12167902
Both ISA and SQUID will run access lists based on the url, but neither will be able to force the browser to add the users id as a parameter to the url. In any case, any user id in the header would be for the external site, not your internal ids. Sounds like what you are looking for is a proxy solution that will integrate with your internal authentication scheme, eg, with MS ISA, a Windows user can be forced to authenticate against the proxy server prior to being allowed access to a site, allowing the admin to apply permissions based on the Windows ID or group - this assumes you are running a centralised authentication model, AD for instance in an MS shop.

Which is the best product - all depends on your current setup. Squid is free and extremely scalable - I have seen it used to serve an entire campus, 30,000 user +, but it is tricky to integrate into a Windows architecture. If you are running a Linux shop, it should be easy to integrate into your current authentication scheme. ISA has a price, but is simple to integrate into Windows. These are only 2 of many products, do a google search for proxy server, and you'll return thousands of products, each of which will be a perfect fit for one particular niche.

Hope this helps
0
 
LVL 2

Expert Comment

by:ndy78
ID: 12168387
We tried to set it up with squid, too. In fact it could be possible - but the development costs to do it (must be self programmed) did not make it an option compared to just buying ISA and have it all set up here. We had an Active Directory prior chosing a Proxy Server that does what we need.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12169045
Surfcontrol let you do it by users btw.. but it's more costly.. it uses your Active directory user database..
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 2

Expert Comment

by:ndy78
ID: 12169858
As far as I can see, Surfcontrol uses MS Proxy or ISA Server to apply these rules. So its more an add-on to these products. I think he could go with ISA alone.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12170125
No, there is a standalone version of it btw.. it'S the one for "microsoft windows".
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12170133
0
 
LVL 2

Expert Comment

by:ndy78
ID: 12173002
thx, my error.

so hank1, were  these proposals ok for you or has it to be something completely different from these?
0
 
LVL 1

Author Comment

by:hank1
ID: 12319579
It's uS  or nothing.  The proxy servers we tried killed the company's main page login.  Installing yet another app
on the box is out.  
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now