Hello,
We currently have wingate humming along nicely in several locations and acting as a whitelist proxy for our 50 or so job related sites via the
WWW Proxy Server->Policies->Everyone->Advanced:Filter Criterion method.
The management has decided to be more benevolent to the users and open up the net for them to use site that are not on the whitelist. Yay!
But they don't want to get rid of it entirely, so here's what they want it to do.
If the user goes to one of the currently whitelisted site, pass them along to the site with no interruption. However, If the user is visiting a site that is not on the current whitelist, they would be redirected to a page that says something to the effect of "This page isn’t on the whitelist, please click here to verify that this is work related.. blahblah" and then to pass them through to the site.
I really like Wingate and want to continue using it. Is something of this nature possible within Wingate?
Whitelist Exceptions
Moderator: Qbik Staff
4 posts
• Page 1 of 1
by adrien » Jan 10 07 4:04 pm
Hi
Understand what they want to do. WinGate unfortunately won't currently support that. Do you know if any other proxies do? It's possibly the sort of functionality that an ISAPI plugin could do for ISA server, but I don't know if anyone's written such a thing.
We do have plans for something similar to help hotels and cybecafes, with a sign-in page, but to have it on a URL by URL basis is a pretty cool idea, e.g various zones of freedom available, with different requirements for each zone.
Adrien
Understand what they want to do. WinGate unfortunately won't currently support that. Do you know if any other proxies do? It's possibly the sort of functionality that an ISAPI plugin could do for ISA server, but I don't know if anyone's written such a thing.
We do have plans for something similar to help hotels and cybecafes, with a sign-in page, but to have it on a URL by URL basis is a pretty cool idea, e.g various zones of freedom available, with different requirements for each zone.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by tiredadmin » Jan 11 07 7:05 am
I've not researched any other proxies in regards to this yet, other than poking around some squidGuard config files ;)
What if we backed it down one step, what if we added a session based login that is checked on a "OR" basis in the WWW Proxy Server->Policies->Everyone->Advanced:Filter Criterion stuff.
So the:
-User makes a request
-We check the WWW Proxy Server->Policies->Everyone->Advanced:Filter Criterion for a match
- If no match send them to a login page and on successful login they get a 30mins session
I saw some session stuff in the filter criterions but I have no idea if it's at all related so I’m probably reaching a bit here...
What if we backed it down one step, what if we added a session based login that is checked on a "OR" basis in the WWW Proxy Server->Policies->Everyone->Advanced:Filter Criterion stuff.
So the:
-User makes a request
-We check the WWW Proxy Server->Policies->Everyone->Advanced:Filter Criterion for a match
- If no match send them to a login page and on successful login they get a 30mins session
I saw some session stuff in the filter criterions but I have no idea if it's at all related so I’m probably reaching a bit here...
- tiredadmin
- Posts: 2
- Joined: Jan 09 07 9:23 am
by adrien » Jan 11 07 12:53 pm
so you basically want to challenge users only if they want to go to certain sites?
Basically what you could do is..
1. Add a recipient that grants everyone unauthenticated access to known work-related sites only.
2. Add a recipient that grants access to everywhere if the user is authenticated.
So, people surfing work sites won't be challenged, but people who want to go anywhere else will need to authenticated.
if you're using the WinGate user database, then you can use the java based login. This serves a client.htm file from the WinGate\Java folder. You can customize this to look how you like for the company challenge page.
It won't give just a restricted amount of time though, but you could allocate a periodic quota to people. So only when they auth does it go against their balance.
Adrien
Basically what you could do is..
1. Add a recipient that grants everyone unauthenticated access to known work-related sites only.
2. Add a recipient that grants access to everywhere if the user is authenticated.
So, people surfing work sites won't be challenged, but people who want to go anywhere else will need to authenticated.
if you're using the WinGate user database, then you can use the java based login. This serves a client.htm file from the WinGate\Java folder. You can customize this to look how you like for the company challenge page.
It won't give just a restricted amount of time though, but you could allocate a periodic quota to people. So only when they auth does it go against their balance.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 5 guests