I'v opened a Wingate server on one PC and want to set some visiting restrictions preventing too much visitation, especially attack from hackers.Forgive me that I'm a beginner,I'm not clear about how to do it properly.
I want to set username/password on www proxy server so that the client must input them before visiting Internet through the proxy,but i can't find where to set them.Use "Authentication"?how to do that?Does it need install wingate client on the remote computer?
Another method is seting included or excluded IP locations in Properties of a service.Does it work?
Is it necessary to change default ports of those services?
who can give me some suggestions? thanks a lot!
about restriction setting for visit
Moderator: Qbik Staff
7 posts
• Page 1 of 1
about restriction setting for visit
by minos » Mar 10 04 11:55 pm
- minos
- Posts: 6
- Joined: Mar 10 04 9:24 pm
by erwin » Mar 11 04 7:57 am
Hi Minos
Depending on what connection method you are using for your clients through WinGate will influence what type of authentication you can use.
If you are using NAT (network Address translation) you can get your clients to authenticate by them using a copy of the Gatekeeper.exe from the WinGate server.
If you are using the WinGate Internet Client (installed on the client machine)then once configured correctly will prompt users with a Log in dialog.
Or if your clients are using the straight proxy method (where the WinGate proxy server is specified in each of the clients Internet applications) then you can use Java authentication (commonly used in IExplorer when using proxies).
Generally authentication is set on a per service (set under the policy tab for each services), or applied system wide under the Users tab/System policies in Gatekeeper.
The WinGate helpfile has setup instructions for these types of authentication methods, and they are explained in more detail in our WinGate knowledge base found on our website here:
http://support.qbik.com/index.php?_a=kn ... ubcat&_i=2
Regards
Erwin
Depending on what connection method you are using for your clients through WinGate will influence what type of authentication you can use.
If you are using NAT (network Address translation) you can get your clients to authenticate by them using a copy of the Gatekeeper.exe from the WinGate server.
If you are using the WinGate Internet Client (installed on the client machine)then once configured correctly will prompt users with a Log in dialog.
Or if your clients are using the straight proxy method (where the WinGate proxy server is specified in each of the clients Internet applications) then you can use Java authentication (commonly used in IExplorer when using proxies).
Generally authentication is set on a per service (set under the policy tab for each services), or applied system wide under the Users tab/System policies in Gatekeeper.
The WinGate helpfile has setup instructions for these types of authentication methods, and they are explained in more detail in our WinGate knowledge base found on our website here:
http://support.qbik.com/index.php?_a=kn ... ubcat&_i=2
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
by minos » Mar 11 04 8:27 pm
Thank for your instructions! Now the authentication works.I find my puzzle originally that the pop-up window for Java authentication was filtered by my Internet browser(MYIE2) by default.
It will be better if the pop-up window appears more quickly and minimizes or hides itself after logon to make the user interface kinder. :)
It will be better if the pop-up window appears more quickly and minimizes or hides itself after logon to make the user interface kinder. :)
- minos
- Posts: 6
- Joined: Mar 10 04 9:24 pm
by minos » Mar 12 04 3:24 am
Sorry, how can I use Java authentication in socks proxy sevice? I took the followling instructions, but I cant connect any ftp site via the socks proxy. My ftp client is FlashFXP 2.1.
1. Open the Socks proxy Service (under the Services tab in GateKeeper).
2. Click on the Socks Advanced tab.
3. In the HTTP protocol section click the Use following Policy radio button.
4. Choose WWW proxy server.
5. Click OK back through each dialog.
6. Save changes in Gatekeeper [/url]
1. Open the Socks proxy Service (under the Services tab in GateKeeper).
2. Click on the Socks Advanced tab.
3. In the HTTP protocol section click the Use following Policy radio button.
4. Choose WWW proxy server.
5. Click OK back through each dialog.
6. Save changes in Gatekeeper [/url]
- minos
- Posts: 6
- Joined: Mar 10 04 9:24 pm
by erwin » Mar 12 04 11:40 am
Hi Minos
Good to here you got authentication working properly
Unfortunately WinGate has no control over how fast the Java login will pop up on the client machine as this partially is determined by the Java handling in the in the browser itself.
As for the Java Authentication working for Socks proxy, as you can see from the instructions it is for HTTP protocol handover (port 80) and not for FTP sessions (port 21). Unfortunately it will not work in the scenario you described as of course it is FTP and this handover /policy feature is designed for WWW(HTTP) sessions. If you were to try and FTP through IExplorer of course users would be prompted for the Java login.
Hope this helps
Regards
Erwin
Good to here you got authentication working properly
Unfortunately WinGate has no control over how fast the Java login will pop up on the client machine as this partially is determined by the Java handling in the in the browser itself.
As for the Java Authentication working for Socks proxy, as you can see from the instructions it is for HTTP protocol handover (port 80) and not for FTP sessions (port 21). Unfortunately it will not work in the scenario you described as of course it is FTP and this handover /policy feature is designed for WWW(HTTP) sessions. If you were to try and FTP through IExplorer of course users would be prompted for the Java login.
Hope this helps
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
by minos » Mar 13 04 3:09 am
I see...but how should I set username/password for socks proxy to prevent anyone unauthenticated from using my proxy?You know, the proxy is very easily scanned by some scan software. An attacker once delivered hundreds of emails all over via my computer several days ago, so I closed some unnecessary services and disabled guest account at once. So I want to take some safer actions. Expecting your reply.
Best regards!
Best regards!
- minos
- Posts: 6
- Joined: Mar 10 04 9:24 pm
by erwin » Mar 19 04 3:22 pm
Hi Minos
Sorry for the delay in replying but if you can set users to be authenticated in a number of ways (as in the WinGate helpfile).
Then you can specify on the policy tab of the socks proxy who will have access to the proxy service and whether they should be authenticated for the policy to apply.
This should safe gaurd against unwanted users trying to use it.
Also because the Socks proxy service (all Proxy services in WinGate actually) are usually only bound to the internal adapter, this allows this service to be only used by people on the LAN behind WinGate. It would only become a risk if the external interface (internet connection) was bound to the services (i.e selected to be used in the bindings tab).
Regards
Erwin
You
Sorry for the delay in replying but if you can set users to be authenticated in a number of ways (as in the WinGate helpfile).
Then you can specify on the policy tab of the socks proxy who will have access to the proxy service and whether they should be authenticated for the policy to apply.
This should safe gaurd against unwanted users trying to use it.
Also because the Socks proxy service (all Proxy services in WinGate actually) are usually only bound to the internal adapter, this allows this service to be only used by people on the LAN behind WinGate. It would only become a risk if the external interface (internet connection) was bound to the services (i.e selected to be used in the bindings tab).
Regards
Erwin
You
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 7 guests