[TriLUG] proxy / kiosk question
Blanchard Steven
sgblanch at gmail.com
Thu Jun 8 21:29:47 EDT 2006
I think I have seen solutions which use a combination of DNS
wildcards and 302 redirects. This would prevent anyone from removing
the proxy to circumvent the system.
Basically, DNS would return the ip of kiosk.mydomain.edu for any host
not in *.mydomain.edu. The webserver on kiosk.mydomain.edu would
have a wildcard virtual domain that redirects all traffic to the
kiosk.mydomain.edu virtual domain which actually serves the content.
The general concept shares ideas with a "captive portal" so you might
want to look at solutions offered in that arena.
Also, depending on the network topology of your intranet, you might
be able to get by without a default gateway.
Cheers,
Steven
On Jun 8, 2006, at 7:51 PM, Matt Pusateri wrote:
>
> Squidguard is another add-in to squid and can allow you to filter on
> regular expressions. You might also look at privoxy. I would also
> make sure your firewall disallows those kiosk machines access to the
> internet and redirects them to the proxy.
>
> Matt P.
>
> On Thu, June 8, 2006 1:46 pm, Michael Tharp wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I'm sure squid can do that with its ACL system. You may want to give
>> it a shot, but be prepared for a long session with the manual. Also
>> you could maybe do something with nameservers (so they can't look up
>> domains outside of that one), but other than those two there aren't
>> too many options.
>>
>> Byarlay, Wayne A. wrote:
>>> Hi All,
>>>
>>> I'm googling this, as any good admin should, but it's an area I
>>> figured
>>> some quick brain at TriLUG would be willing to point me to a
>>> quicker,
>>> cleaner solution.
>>>
>>> Situation: I have many public WinXP Kiosk machines, with IE as the
>>> only
>>> thing a walk-up customer can access. I would like this IE to be
>>> using a
>>> Proxy, so that if they try to access anything other than
>>> *.mydomain.edu,
>>> it points them to kiosk.mydomain.edu.
>>>
>>> I am familiar with Apache, and have a few linux machines running a
>>> few
>>> Apache servers, but I've not done a Proxy before. Is this the proper
>>> method to do such a thing? (A proxy, as opposed to something else?)
>>> If
>>> so what proxy would you recommend and can you additionally post a
>>> URL
>>> that explains how to set up such a thing?
>>>
>>> Like I said earlier I am also googling this, but even if you point
>>> me in
>>> the approximate general direction, I will... be thankful.
>>>
>>> WAB
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.3 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFEiGJhmMLUGdc9Js8RAjM5AKChwKGns61q7+j8HW3YIz+xXCSCagCfW9+E
>> VZeGhsEb4d+OBqKDBHG63oU=
>> =PtG4
>> -----END PGP SIGNATURE-----
>>
>> --
>> TriLUG mailing list :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/
> trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
More information about the TriLUG
mailing list