Thread: Squid Question

Hello,

We have a slight problem with a customer’s Websense web filtering software. The reporting feature on Websense cannot individually distinguish users on a Terminal Services server.

We have been advised by Websense to put a squid proxy (or ISA proxy *spits*) in between the Terminal Servers and forward all communications onto the Websense server.

Would this be easy enough for a Linux novice? I have already setup squid in which is working as a proxy fine. I imagine that I may need to add some form of NAT or IPTABLES stuff to forward on all proxy traffic to the Websense server?

Any tips in what to search for would be cool; I'm a little out of my depth on this Linux stuff. :P

Cheers,

Jon

websense has a citrix agent you can install on each server that will distinguish the users - Im sure you can put this on your terminal servers.

What version of websense are you using?

For some reason (I dont know the exact reason) the Citrix agent won't work. It could be due to the version of Citrix our customer is running.

The reason we can't use the citirx agent is because citrix isn't used. :O

I'm not sure how squid will differentiate the users either.

As far as Im aware it wont differentiate the users - its been a couple of years since dealing with websense enterprises etc, so they may have added something. The remote agent they developed for citrix was specifically for the reason you are needing it and I had thought they could also be put on TS too ... are you using ISA server under websense ?

I've just spoken with one of the chaps, so it does need a proxy server in place, and the browser passes user credentials, that's how it's able to differentiate

You can also enable manual authentication as well, so that if the user credentials aren't passed the users will be forced to authenticate before browsing.

Integration with Squid seems pretty straight forward, and if you need any help the support chaps are always here to give guidance

Cheers guys. It appears that the powers to be are going to put Windows 2003 with ISA in instead. .

Less work for me to do I suppose. I'll let some poor sod deal with ISA.

When ISA server fails to perform as required, please feel free to refer them to us for a proper Squid setup

hehe. Unfortunately it is up to the account manager and client IT contact. Neither have really used Linux and therefore would rather have ISA.

The joys of having a separate sales team.

websense sitting on top of ISA is a standard setup and works quite well ..

.. wait until version 7 is released and you might not need an external proxy server