Author Topic: EFW as content filter in front of ISA NTLM auth proxy  (Read 11376 times)
wreg
« on: Thursday 04 March 2010, 11:04:39 pm »

Hello,

The situation is as follows. My company has an ISA proxy situated in Germany. I have no control over this proxy and no changes will be made to it at my request.

Since my boss thinks this proxy doesn't quite filter enough, and we're forced by company policy to use the connection over Germany (and hence this proxy as well), I need to set up an extra content filter in front of this ISA box.

I've been toying with EFW to get this done but have, so far, been quite unsuccessful. If I set up EFW as authenticated proxy I cannot forward the NTLM authentication to ISA. If I set up squid as transparent and configure the ISA box in config script, squid doesn't filter anything anymore, and I'm not quite sure why. I have thought of a  of possible causes.

1. Transparent squid is listening on port 80 while HTTP requests are forwarded to ISA on 81.
2. Transparent squid is unable to filter the URL from the proxy request made to ISA.
3. Squid couldn't care less about filtering since the request is actually made to an internal server (ISA) and hence shouldn't be blocked.

Case 1: how do I get transparent squid to listen and filter on 81 as if it were 80?
Case 2 and 3: how do I force squid to filter the proxy requests made to the ISA server and block inappropriate URLs?

Case I have it all wrong:
please enlighten me. I really feel like I'm missing some basic know-how to properly solve this :/


Thanks in advance,
Wim
Steve
« Reply #1 on: Friday 05 March 2010, 01:18:13 am »

If Endian is sitting between the ISA server and the Internet connection, why would you want to use Authentication?
Wouldn't you just set up Endian as being the Gateway for the ISA server?

wreg
« Reply #2 on: Friday 05 March 2010, 01:28:11 am »

Yes. That's what I did.

Clients get Endian as gateway. If I go outside from there all is well and it works as intended.

If I configure the proxy configuration script in the clients' browsers, Endian no longer filters anything. I think because all traffic is now intended for the German proxy, and no longer for the internet.

My ACL obviously doesn't block traffic to this German proxy, and since the browsers are sending requests to this German proxy, they can pass.

Well, I think that's what's wrong, I'm not really sure...


I've set up an ISA as proxy with a very tight content filter and the German ISA as parent cache and my local box forwarding NTLM auth from the clients to the German ISA. Works fine...

But I'd like to do the same thing with squid, or at least something that has the same result.
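An added example, not part of the thread and not Endian's own configuration: one way to mirror the ISA-chaining setup described in the post above with Squid is to have browsers use Squid as an explicit proxy, apply the URL ACLs there, and hand every allowed request to the ISA box as a parent while relaying the NTLM handshake. The peer host name, client subnet, listener port and list file paths are assumptions; port 81 comes from the first post; whether the Squid build shipped with a given EFW release supports `login=PASSTHRU` and `connection-auth` has to be checked.

```conf
# Constructed example. All names, addresses and paths are placeholders.

# Explicit (non-transparent) listener. Browsers or the proxy config script
# point here instead of at ISA, so Squid sees the full requested URL.
# connection-auth=on lets connection-oriented auth (NTLM) pass through.
http_port 8080 connection-auth=on

# Upstream ISA proxy as the only parent (port 81 as stated in the thread).
# login=PASSTHRU relays the client's Proxy-Authorization headers unchanged;
# connection-auth=on keeps client and peer connections pinned together,
# which the multi-step NTLM handshake requires.
cache_peer isa.example.internal parent 81 0 no-query no-digest default login=PASSTHRU connection-auth=on

# Local content filter, evaluated before anything is forwarded to ISA.
acl localnet src 192.168.0.0/24
acl blocked_domains dstdomain "/etc/squid/blocked_domains.txt"
acl blocked_urls url_regex -i "/etc/squid/blocked_urls.txt"

http_access deny blocked_domains
http_access deny blocked_urls
http_access allow localnet
http_access deny all

# Never fetch directly from origin servers; everything goes via the parent.
never_direct allow all
```

Squid itself performs no authentication in this layout; ISA still issues the NTLM challenge and validates the response, and Squid only decides which URLs are allowed to reach it.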
Steve
« Reply #3 on: Friday 05 March 2010, 01:42:06 am »

> Yes. That's what I did.
> Clients get Endian as gateway. If I go outside from there all is well and it works as intended.
> ...
> ...

Why don't you leave the clients as they were before (ISA as gateway) but set the ISA server to use Endian as its Gateway?

Clients --->> ISA Server --->> Endian --->> Internet
