Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 29 March 2024, 05:00:50 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14247 Posts in 4376 Topics by 6490 Members
Latest Member: maquino
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  By p@ss transparent proxy Settings for Non-Transparent Proxy Users
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: By p@ss transparent proxy Settings for Non-Transparent Proxy Users  (Read 11880 times)
denpun
Jr. Member
*
Offline Offline

Posts: 3


« on: Thursday 12 November 2009, 07:39:44 am »

Greetings,

In standalone squid, one c.an have various download limits for various groups of people.
Groups can either be bunch of ips or subnets, etc.

We are using endian 2.3 in non-transparent mode & transparent mode.
We will move to only non-transparent.
Within By p@ss transparent proxy Settings, we have subnets of certain groups of people for which we want no filtering of any sort.

There is a download limit that is enforced by endian. This download limit is applied to everybody in transparent and non- transparent mode.
This limit is ignored when one is using transparent mode and when the user is in the by p@ss proxy settings list.

Now the problem arises when one is using non-transparent mode and one wants to by p@ss this limit or have another limit set.

1) How would be be possible for use to have download limit profiles? Just like the filtering profiles?
I know that this can be done in squid.
Its just a gui problem.

2) How can I do this immediately by manually editing files? Which files?


Edit: I now see an option to include custom.tmpl in /etc/squid.conf
will look into this for doing this manually but it would be nice to be able to do this via GUI.

Edit: Excuse the "p@ss" ..guess was being "censored" could not use the word byp because of you know what.
Logged
denpun
Jr. Member
*
Offline Offline

Posts: 3


« Reply #1 on: Friday 13 November 2009, 01:18:05 am »

I edited /var/efw/proxy/custom.tmpl

Added the following 4 lines:

Code:
acl     no_download_limits      src x.x.x.x/255.255.255.0
acl     no_download_limits      src x.x.x.x/255.255.255.0
acl     no_download_limits      src x.x.x.x/255.255.255.0
reply_body_max_size 0 allow no_download_limits

The lines do get copied to /etc/squid.conf on restart of the proxy service.
The problem however is that they get copied under the lines:

Code:
# replace body max size
request_body_max_size 35600 KB
reply_body_max_size 36454400 allow from_all

The problem with this is that acls are read from first to last.....first rule that matches is applied ..so the first rule is applied..enforcing the downlaod limits coming from the gui....as opposed to my custom acls for setting no limits for 3 subnets....

I tried editing /etc/squid/squid.conf.tmpl and moved the section that seemingly creates the custom insert to a position above the gui rules....but they get ignored....appears that this is not the file that is being used to create the squid.conf

On one of the forum posts I read that you have to restart fw..tried that too...but to no avail...any ideas on which tmpl is used..or how can i get my custom acls before the gui acls...or atleast a part of the gui acls?

Thanks.
Logged
denpun
Jr. Member
*
Offline Offline

Posts: 3


« Reply #2 on: Friday 13 November 2009, 01:42:06 am »

Never Mind.....found my answer.

For those interested....

/etc/squid/squid.conf.tmpl is indeed the source for the /etc/squid/squid.conf file.
The /etc/squid/squid.conf file is generated based on the template /etc/squid/squid.conf.tmpl.
The setting for the template file, /etc/squid/squid.conf.tmpl, I assume are gotten from the settings file elsewhere.

Anyways...there is a section in /etc/squid/squid.conf.tmpl
which is
Code:
# begin custom.tmpl
#try
    #include "/var/efw/proxy/custom.tmpl"
#except
    #pass
#end try
# end custom.tmpl

I moved the above code just above where I wanted it.
In theory, i think, it can be moved anywhere in the tmpl file as long as you don't have conflicting configurations in the custom file.

Once you move the code in the tmpl file to another location in the tmpl file, that meets your needs, simply edit the custom file which is at
/var/efw/proxy/custom.tmpl

and include your acls or any other custom configs.

and thats it. Your seeting will be saved and included every time suqid starts.

If you read my earlier posts, I said that it did not move the config.....it actually does work..except I moved the wrong code.....so I made a mistake.

I moved:
Code:
#if $CUSTOM_ACL != ''

$CUSTOM_ACL
#end if
#if $EXT_REDIR != ''

# START CUSTOM INCLUDES
$CUSTOM_INCLUDES
# END CUSTOM INCLUDES
#end if

instead of

Code:
# begin custom.tmpl
#try
    #include "/var/efw/proxy/custom.tmpl"
#except
    #pass
#end try
# end custom.tmpl

wonder how i missed...the obvious.

Anyways. Its working.
Thanks. Smiley
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.031 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com