[K12OSN] SquidGuard client requests

Darryl Palmer dpalmerjr at gmail.com
Fri Nov 18 20:53:37 UTC 2005


On 11/18/05, David Neimeyer <admin at bookpeople.com> wrote:
>
> I'm hoping to get some clarification:
>
> Whether or not you are running a transparent proxy or not, there is no
> way, outside of local apps, for ltsp clients to make unique address
> requests to squid/squidGuard?

 Ident(d) may work for you. Squid can use ident for identification, and if
you are running it on your LTSP server then the TCP connections are
identified by the correct user ids.
 I have to add that Ident is not safe
1) It can easily be spoofed.
2) Transmits valid user ids so it can make it easier for someone to hack
your system.
3) May be vulnerable to buffer over/under run attacks
 So if you do use Ident make sure that your LTSP server is on an intranet
that is protected by a firewall, also make sure you don't broadcast ident
responses to people outside of your intranet or people you don't trust.
 Darryl Palmer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20051118/20d02c1f/attachment.htm>


More information about the K12OSN mailing list