
Restricting web access based on User ID w/ a twist

Status
Not open for further replies.

josel

Programmer
Oct 16, 2001
716
US
Howdy!

A colleague of mine asked how to restrict web access for a group of users and/or allow access to ONLY specified URLs. To this, I suggested he use a Linux box to set up a firewall ...

He then came back with this question
Code:
I have a question with regards to your suggestion to use an internal PC. If we go that route or use an independent Linux box (more preferably the Linux box), we have both thin clients and PCs with IP addresses and user names which sit on the 2003 server. Can the user name then be passed to the Linux box which has the software to restrict?

I assume the flow is from the thin clients/PCs to the 2003 server to the Linux box.

I must be able to pick up the user name not the IP address for the 
restrictions to work properly.

Any thoughts would be appreciated.

I am posting this on his behalf. Is this possible? Could we set up a Linux firewall and base the configuration on user IDs even when those users are logging on to a Thin Client Server?

My first thoughts were LDAP or Active Directory but, I do not know much about them, so ... I figured I'd ask you guys/gals.

Thank you all in advance!


Jose Lerebours

KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours
 
I have seen Squid work wonders as a Linux proxy to do what you require. It will let you authenticate in several ways. If you can't get it working with what you have and don't want to use LDAP, etc., then you can always set it to "Proxy Authentication" and they'll get a login box the first time they try to access restricted URLs / content (for which you can set up some pretty advanced filters). (Think wireless Internet Cafe kind of stuff.)

Squid also comes with very advanced features, such as restrictions based on time, MAC address, etc. I recommend using it instead of trying to wrap your head around Linux's kernel networking support (which is, actually, what's doing most of the work behind the scenes).

I recommend getting ClamAV on the Linux box listening to all incoming TCP/IP streams to make sure you filter out any Windows viruses before they enter your network as well.
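To make the "Proxy Authentication" suggestion above concrete, here is an added example squid.conf fragment (not posted by anyone in this thread) showing the pattern: every request must carry proxy credentials, a named group of users is confined to an allow-list of destination domains, and everyone else who authenticates from the internal subnet browses freely. Because the identity comes from the proxy login rather than the source IP, it still works when several users share the address of a Terminal Server. The helper paths, the 192.168.1.0/24 subnet, the user names and the domain names are assumptions; adjust them to your installation (older Squid 2.x ships the same helper under the name ncsa_auth).

```conf
# --- Authentication: who is making the request ---------------------------
# Basic auth against an htpasswd-style file (users see a login box once).
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Internal web proxy
auth_param basic credentialsttl 2 hours
# Alternative (assumed setup): let a Windows domain vouch for the user via
# Samba's ntlm_auth helper, so the 2003 server's accounts are reused and no
# separate password file is kept:
#   auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
#   auth_param ntlm children 5

# --- ACL definitions: the building blocks --------------------------------
acl localnet        src 192.168.1.0/24           # internal LAN (assumed)
acl authenticated   proxy_auth REQUIRED          # any valid login
acl restricted_users proxy_auth jsmith mjones     # the group to confine
# A longer list can live in a file, one user name per line:
#   acl restricted_users proxy_auth "/etc/squid/restricted_users.txt"
acl allowed_sites   dstdomain .example.com .intranet.example   # their allow-list
acl office_hours    time MTWHF 08:00-18:00        # optional time window

# --- Policy: order matters, first match wins -----------------------------
http_access deny  !authenticated                  # forces the login prompt
http_access allow restricted_users allowed_sites office_hours
http_access deny  restricted_users                # nothing else for that group
http_access allow authenticated localnet          # everybody else on the LAN
http_access deny  all                             # default deny
```

Reload Squid after editing (`squid -k reconfigure`) and check /var/log/squid/access.log: the user name is recorded in each line, which is what you want for auditing the restriction rather than the IP of the thin-client server. Note that `proxy_auth` only identifies the user to the proxy; browsers on the thin clients still have to be pointed at the proxy (or traffic forced through it), otherwise the rules are never consulted.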
 
Along the lines of the Internet Cafe model, you should also read up on NoCat Auth, a program extensively used for cafes. I can't speak to its restrictions on destination URLs, but it's very much of the model of controlling outbound IP to "authorized" customers/users.
