DistributedNetworks DistributedNetworks


Internet Proxy Server   «Prev 

Restricting Access

Using the Web Proxy Service, you can restrict access by configuring limitations on the network services with which users can connect. The Web Proxy Service allows you to control what users or groups can access resources using
  1. HTTP:(Hypertext Transfer Protocol) The Hypertext Transfer Protocol is used to communication with Web Servers to transfer to the content of web pages to a web client, such as Microsoft® Internet Explorer.
  2. HTTPS:(Secure Hypertext Transfer Protocol) HTTPS is used to protect the data moving to and from a secure web server.
  3. FTP:(File Transfer Protocol) A member of the TCP/IP suite of protocols, used to copy files between two computers on the Internet. Both computers must support their respective FTP roles: one must be an FTP client and the other an FTP server.
  4. Gopher: A network service used in the past to allow users to search the contents site. Gopher has lost favor in most environments, but may still be encountered at some university sites.
Similar access controls can be placed over a much wider variety of services using the WinSock Proxy Service.


Question: I manage a small network on a residential site, which is looking to restrict staff use of the internet (especially out of hours) to 30-minute sessions per user. The network is a Windows 2000 domain, but the internet area could be on its own subnet linked directly to the router. At the moment we are looking at cheap solutions like Internet Caffe from Antamedia, but I wondered if there was something that could be done through Linux. Perhaps some form of LDAP terminal server using a MySQL database? The transport layer security protocol project (TLSP) makes me think that someone else must have asked this question at least once, but the web discussions all seem to head back towards MS servers, which seems a pity. The machines are all low-spec P400/800s, with 128-256 RAM, which could possibly be increased. Access to a common shared drive (via CIFS or NFS) and a shared printer (networked Brother) would also be useful. Obviously, all the programmes that you might want are there
  1. MPlayer,
  2. RealPlayer,
  3. Firefox,
  4. Thunderbird,
  5. Xpdf,
  6. OpenOffice.org,
  7. Gaim/Kopete etc.
Any suggestions would be greatly appreciated, as the Windows options seem to require fairly careful running.
Answer: Proxy software such as Squid would be ideal for this, as you can configure it to require authentication and time out after a given duration. You will know exactly who is accessing sites and what they are doing. You can find Squid at www.squid-cache.org, and there are plenty of example configurations in the documentation. The hardware you are using sounds more than adequate, and nearly all current Linux distributions provide the tools and programs you list. Mandriva, Ubuntu, Fedora or even SUSE are great options for desktop systems as an alternative to Microsoft Windows.