Using Squid Proxy for Authentication and Traffic Shaping
23
Zaher Wanli Mhd Hasan Serhan 1 Mhd Ali Al- Kateib Yasser Kamel Damascus University F.I.T.E Third Year Project Proxy for Authentication and Traffic shaping
description
FIT, Damascus University, Syria, 2011
Transcript of Using Squid Proxy for Authentication and Traffic Shaping
Zaher Wanli
Mhd Hasan Serhan
1
Mhd Ali Al-Kateib
Yasser Kamel
Damascus UniversityF.I.T.E
Third Year Project
Proxy for Authentication and Traffic shaping
2
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
Agenda
3
Overview
Unauthorized access
Unfair Bandwidth Allocation
Non Educational
Sites Traffic Issues
4
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
5
• Proxy definition
• Proxy Features
Overview
Reverse ProxyForward Proxy
Caching Logging Privileges Bandwidth Management
6
Squid Proxy Server
Access Control Lists Delay Pools
Squid features
• Bandwidth control
• Authenticators
• ISPs
• Open Source
• Cross-platform
Overview
7
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
8
Traffic Shaping
192.168.137.5
188.160.237.1
Squid proxy server
9
• Types of buckets Aggregate bucket Network bucket Individual bucket
Traffic Shaping
• Delay pools classesClass 1
Has a single aggregate bucket Class 2
Has an aggregate bucket and 256 individual bucketsClass 3
Has an aggregate bucket and 256 network buckets
and 65536 individual buckets
10
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
Step 1 :. User requests a page through a proxy
Internet
HTTP Request
GET http://www.google.com/ HTTP/1.0
Authentication
Step 2 : Proxy asks UA to authenticate
Internet
HTTP RequestHTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Squid proxy”
Authentication
Step 3 : User sends proxy authentication credentials
Internet
HTTP Request
GET http://www.google.com/ HTTP/1.0Proxy-Authorization: Basic c3R1ZGVudF8wMDAx==...
Authentication
Step 4 : Proxy accepts authentication and requests the page from the server
Internet
HTTP Request
GET / HTTP/1.0Via: 1.0 cache.iif.hu:3128 (Squid/2.4.DEVEL2)...
Authentication
Check DB
Step 5 : Server sends the requested page
Internet
HTTP Response
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMTServer: Apache/1.3.9 (Unix)...
Authentication
Step 6 : Proxy passes the result back to the user
Internet
HTTP Response
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMTServer: Apache/1.3.9 (Unix)...
Authentication
17
Site Blocking
Internet
HTTP Request
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMT...
Step 1: request not allowed page
Blocking
Internet
HTTP Response
Step 1: request not allowed page
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMT...
Blocking
Redirection
20
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
21
Conclusion & Perspectives
Dynamic Traffic Shaping
Statistics
Off-Campus proxy
22
Thanks for listening
23
