dblight
asked on
Proxy internal and External
Hi all,
We are a large secondary school. We are looking for a solution to monitor internet usage per student.
At the moment all of our internet traffic is routed through and external proxy provided by our local authority. We have access to basic proxy reporting but not in detail as we would like. for example one of the reports we have is the top 100 sites used by the college for a day. Obviously if a website is used more often it will appear in the report but we cannot report on individual usage at any given time!
ideally what I would like to setup is an internal proxy that would log all traffic but just pass-through the traffic to the external proxy provided for us. I do not need to do any type of filtering as this is also provided by the existing external proxy.
We have not administrative control over the external proxy (squid Proxy) to pull out requested data.
Any help would be gratefully received
We are a large secondary school. We are looking for a solution to monitor internet usage per student.
At the moment all of our internet traffic is routed through and external proxy provided by our local authority. We have access to basic proxy reporting but not in detail as we would like. for example one of the reports we have is the top 100 sites used by the college for a day. Obviously if a website is used more often it will appear in the report but we cannot report on individual usage at any given time!
ideally what I would like to setup is an internal proxy that would log all traffic but just pass-through the traffic to the external proxy provided for us. I do not need to do any type of filtering as this is also provided by the existing external proxy.
We have not administrative control over the external proxy (squid Proxy) to pull out requested data.
Any help would be gratefully received
Microsoft ISA server can do this
You'll have to join your student's workstations to a domain in which the ISA server is also a member. You'd then create usernames and passwords for your students on the domain and ask them to use these whenever they want to logon to the machines. ISA server can then be configured to monitor and report on what each student browses.
ASKER
Thanks for replies.
We already have ISA setup for our internal intranet and external webiste its is used mainly for the authentication (single sign on) for all our internal systems.
can a seperate configuration be set that wont interfere with this? Also approx 200 of our laptops are student laptops that are not connected to the domain so authentication will be an issue as the leadership teams will not want students to authenticate again and again?
We already have ISA setup for our internal intranet and external webiste its is used mainly for the authentication (single sign on) for all our internal systems.
can a seperate configuration be set that wont interfere with this? Also approx 200 of our laptops are student laptops that are not connected to the domain so authentication will be an issue as the leadership teams will not want students to authenticate again and again?
These solutions might work for you:
http://www.pearlsw.com/solutions/school.html
http://www.netop.com/solutions/school-it-administration-solutions/cyber-safety.htm
http://www.pearlsw.com/solutions/school.html
http://www.netop.com/solutions/school-it-administration-solutions/cyber-safety.htm
You could setup an internal transparen/chained squid proxy with NTLM.
The question is do you want to prompt all non Domain users for credentials prior to leting them access the outside/inside systems?
The question is do you want to prompt all non Domain users for credentials prior to leting them access the outside/inside systems?
ASKER
Hi Arnold,
I was just thinking the same, i'm installing Ubuntu as we speak to test this theory, all i want the "internal" proxy to do is trap the logs so i can parse them before they go out through the external "normal" proxy.
I dont really want any user to be prompted for any authentication as i want it just to be seemless and normal for them so they do not know that we are bypassing them to another proxy first.
i do have a question on the reporting side of things though. Ultimatley i want to be able to see where any particular USER has browsed and when, like you said with AD authentication but again i want it to be seemless so they are not prompted to enter any credentials. I suppose the laptops that are not domain intergrated can get away with just bypassing the "internal" proxy and carrying on as normal? does this sound possible?
Can you point me in the direction of any resources to configure squid as a transparent proxy and about AD intergration? at the moment im trawling through http://wiki.squid-cache.org/SquidFaq
I was just thinking the same, i'm installing Ubuntu as we speak to test this theory, all i want the "internal" proxy to do is trap the logs so i can parse them before they go out through the external "normal" proxy.
I dont really want any user to be prompted for any authentication as i want it just to be seemless and normal for them so they do not know that we are bypassing them to another proxy first.
i do have a question on the reporting side of things though. Ultimatley i want to be able to see where any particular USER has browsed and when, like you said with AD authentication but again i want it to be seemless so they are not prompted to enter any credentials. I suppose the laptops that are not domain intergrated can get away with just bypassing the "internal" proxy and carrying on as normal? does this sound possible?
Can you point me in the direction of any resources to configure squid as a transparent proxy and about AD intergration? at the moment im trawling through http://wiki.squid-cache.org/SquidFaq
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.