Solved

Proxy internal and External

Posted on 2009-04-02
7
711 Views
Last Modified: 2013-11-22
Hi all,

We are a large secondary school. We are looking for a solution to monitor internet usage per student.

At the moment all of our internet traffic is routed through and external proxy provided by our local authority. We have access to basic proxy reporting but not in detail as we would like. for example one of the reports we have is the top 100 sites used by the college for a day. Obviously if a website is used more often it will appear in the report but we cannot report on individual usage at any given time!

ideally what I would like to setup is an internal proxy that would log all traffic but just pass-through the traffic to the external proxy provided for us. I do not need to do any type of filtering as this is also provided by the existing external proxy.

We have not administrative control over the external proxy (squid Proxy) to pull out requested data.

Any help would be gratefully received
0
Comment
Question by:dblight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24048095
Microsoft ISA server can do this
0
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24048106
You'll have to join your student's workstations to a domain in which the ISA server is also a member. You'd then create usernames and passwords for your students on the domain and ask them to use these whenever they want to logon to the machines. ISA server can then be configured to monitor and report on what each student browses.
0
 

Author Comment

by:dblight
ID: 24048149
Thanks for replies.

We already have ISA setup for our internal intranet and external webiste its is used mainly for the authentication (single sign on) for all our internal systems.

can a seperate configuration be set that wont interfere with this? Also approx 200 of our laptops are student laptops that are not connected to the domain so authentication will be an issue as the leadership teams will not want students to authenticate again and again?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Expert Comment

by:bmatumbura
ID: 24048308
0
 
LVL 78

Expert Comment

by:arnold
ID: 24049145
You could setup an internal transparen/chained squid proxy with NTLM.
The question is do you want to prompt all non Domain users for credentials prior to leting them access the outside/inside systems?
0
 

Author Comment

by:dblight
ID: 24057972
Hi Arnold,

I was just thinking the same, i'm installing Ubuntu as we speak to test this theory, all i want the "internal" proxy to do is trap the logs so i can parse them before they go out through the external "normal" proxy.

I dont really want any user to be prompted for any authentication as i want it just to be seemless and normal for them so they do not know that we are bypassing them to another proxy first.

i do have a question on the reporting side of things though. Ultimatley i want to be able to see where any particular USER has browsed and when, like you said with AD authentication but again i want it to be seemless so they are not prompted to enter any credentials. I suppose the laptops that are not domain intergrated can get away with just bypassing the "internal" proxy and carrying on as normal? does this sound possible?

Can you point me in the direction of any resources to configure squid as a transparent proxy and about AD intergration? at the moment im trawling through http://wiki.squid-cache.org/SquidFaq 

0
 
LVL 78

Accepted Solution

by:
arnold earned 250 total points
ID: 24068277
A transparent proxy deals with requests on port 80 being redirected by the router/ISA back to the proxy server which based on your setting will pass the requests to the external proxy.

You could setup the system to check NTLM to detect AD systems. and then let it fall through which will allow all access through. (no deny)
This will let non AD systems access, but will also let AD systems where the user did not login into the domain to pass through unidentified.

There are many resources on setting up transparent proxy:
http://tldp.org/HOWTO/TransparentProxy.html
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy

Currently do you have your ISA configured to redirect port 80 requests to the external proxy or is the external proxy setup as a transparent?
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question