Proxy Servers

A client is looking to enable *some* users to access anything they like
on the Internet, but only a select group of websites for other users.

This sounds like a job for: (dum duh duh dummmm!) a proxy server! The
problem is that I can't seem to find a decent one that won't require
secondary authentication. I don't want the users to have to log into the
proxy server - at least not so's they know about it. This means the
proxy server really needs to understand NTLM authentication.

But I can't really seem to find one. I found one called FreeProxy, but
the rules don't work consistently. I found one called CCProxy, but I'm
not sure how it would handle whitelists. Just reading about WinGate
sorta scares me - there's an article discussing how to uninstall it. If
it's that hard to uninstall it, I don't want it.

I was thinking about ISA, which I kind of know is overkill, but it also
seems to require add-on products to really do very much.

So what do y'all think? Any suggestions as to what I should do?

grep

In article <(E-Mail Removed)>
grep<(E-Mail Removed)> wrote:

> A client is looking to enable *some* users to access anything they
> like on the Internet, but only a select group of websites for other
> users.
>
> This sounds like a job for: (dum duh duh dummmm!) a proxy server!
> The problem is that I can't seem to find a decent one that won't
> require secondary authentication. I don't want the users to have to
> log into the proxy server - at least not so's they know about it.
> This means the proxy server really needs to understand NTLM
> authentication.
>
> But I can't really seem to find one. I found one called FreeProxy,
> but the rules don't work consistently. I found one called CCProxy,
> but I'm not sure how it would handle whitelists. Just reading about
> WinGate sorta scares me - there's an article discussing how to
> uninstall it. If it's that hard to uninstall it, I don't want it.
>
> I was thinking about ISA, which I kind of know is overkill, but it
> also seems to require add-on products to really do very much.
>
> So what do y'all think? Any suggestions as to what I should do?
>
> grep
>
Squid with SquidGuard for content filtering would work well, and has
support (supposedly) for integrated authentication. I've worked with
Squid/SquidGuard numerous times, and it's worked like a champ every
single time. Note, however, that I have not attempted NTLM/integrated
authentication, so I can't tell you conclusively that it works as
advertised.

Strange answer in a microsoft.public.* newsgroup, but it works and you
can't beat the price (free).

Regards,
Scott

--
I'm trying a new usenet client for Mac, Nemo OS X.
You can download it at http://www.malcom-mac.com/nemo

"Scott Lowe" <(E-Mail Removed)> wrote in message
> Squid with SquidGuard for content filtering would work well, and has
> support (supposedly) for integrated authentication. I've worked with
> Squid/SquidGuard numerous times, and it's worked like a champ every
> single time. Note, however, that I have not attempted NTLM/integrated
> authentication, so I can't tell you conclusively that it works as
> advertised.

NTLM with Squid works. We use a squid proxy on our network and use NTLM to
control access to the proxy.

--Jeffrey

I've always wanted to work with Squid, but never have. In my own
environment, I think I can give it a go, but I'm not comfortable enough
with all the options to do it for a client at this time.

Thanks for the recommendation, though.

Oh, I've now formally rejected both CCProxy and Wingate. Wingate can't
run on the same server as your DNS service. In a small, single-server
environment like this one, that's a show-stopper right there.

CCProxy doesn't *really* integrate with AD, and... well... just doesn't
really work well.

Thanks again,

grep

Scott Lowe wrote:
> In article &lt;(E-Mail Removed)&gt;
> grep&lt;(E-Mail Removed)&gt; wrote:
>
>
>> A client is looking to enable *some* users to access anything they
>>like on the Internet, but only a select group of websites for other
>> users.
>>
>> This sounds like a job for: (dum duh duh dummmm!) a proxy server!
>>The problem is that I can't seem to find a decent one that won't
>>require secondary authentication. I don't want the users to have to
>>log into the proxy server - at least not so's they know about it.
>>This means the proxy server really needs to understand NTLM
>>authentication.
>>
>> But I can't really seem to find one. I found one called FreeProxy,
>>but the rules don't work consistently. I found one called CCProxy,
>>but I'm not sure how it would handle whitelists. Just reading about
>>WinGate sorta scares me - there's an article discussing how to
>>uninstall it. If it's that hard to uninstall it, I don't want it.
>>
>> I was thinking about ISA, which I kind of know is overkill, but it
>>also seems to require add-on products to really do very much.
>>
>> So what do y'all think? Any suggestions as to what I should do?
>>
>> grep
>>
>
> Squid with SquidGuard for content filtering would work well, and has
> support (supposedly) for integrated authentication. I've worked with
> Squid/SquidGuard numerous times, and it's worked like a champ every
> single time. Note, however, that I have not attempted NTLM/integrated
> authentication, so I can't tell you conclusively that it works as
> advertised.
>
> Strange answer in a microsoft.public.* newsgroup, but it works and you
> can't beat the price (free).
>
> Regards,
> Scott
>
>

"grep" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>>> This sounds like a job for: (dum duh duh dummmm!) a proxy server!
>>>The problem is that I can't seem to find a decent one that won't
>>>require secondary authentication. I don't want the users to have to
>>>log into the proxy server - at least not so's they know about it.
>>>This means the proxy server really needs to understand NTLM
>>>authentication.

MS ISA Server


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------