Sometimes users on a local network have to reach the Internet through a proxy server, for example to account for traffic or to limit access to certain resources, while a transparent proxy is impossible or undesirable.
We inform users
You can, of course, simply send everyone a mailing that lists the parameters. But, as practice shows, this does not completely eliminate unnecessary questions.
Make life easier
A method that is slightly harder to implement, but removes a significant part of the setup questions: when the user tries to open a page, they are shown a message that lists all the necessary parameters. To do this, we need to install a web server on the gateway and configure it to serve a page with this message.
Choosing a server
The particularly advanced may ask: why choose anything when there is Apache? I answer in advance: Apache is overkill here and will only waste resources, which are most likely scarce on the gateway. So we will use a lighter option. The server needs to be able to listen on port 80 (because we do not need inetd) and to support custom error messages (we will need to respond to 404). A good option is thttpd.
Installation and Setup
In what follows, it is assumed that Debian Etch is installed on the gateway. We install thttpd in the usual way:
# aptitude install thttpd
We create the file /var/www/index.html and put in it everything the user needs to configure their browser easily: the proxy server address, port, wishes for a pleasant time and the like.
So that a user who tries to go out directly sees our beautiful instructions rather than an error message, we add a rule to iptables:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT
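Now any attempt to go out through port 80 ends up at thttpd. The rule as written matches port 80 traffic arriving on any interface, not only the LAN side; an -i match on the internal interface narrows it to local users. Open habrahabr.ru and see, in its place, what we want to see.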
Catch 404
As you can see, when you try to access any page that is not a domain root, we get a 404. Installing your own error page in thttpd is very simple. We do not even need to change anything in the config.
# mkdir /var/www/errors
# cd /var/www/errors
# ln -s ../index.html err404.html
Unfortunately, thttpd tries to show its importance and draws its banner at the bottom of the page, spoiling our beautiful valid XHTML Strict. Fortunately, this can be cured.
Practical surgery
We take a machine with the same version of Debian as on the gateway. Go to packages.debian.org and download the source package from there in the form of three files:
$ wget -c http://ftp.de.debian.org/debian/pool/main/t/thttpd/thttpd_2.23beta1-5.dsc http://ftp.de.debian.org/debian/pool/main/t/thttpd/thttpd_2.23beta1.orig.tar.gz http://ftp.de.debian.org/debian/pool/main/t/thttpd/thttpd_2.23beta1-5.diff.gz
We install the developer tools:
$ sudo aptitude install dpkg-dev build-essential fakeroot debhelper
Unpack the package:
$ dpkg-source -x thttpd_2.23beta1-5.dsc
$ cd thttpd-2.23beta1
Edit the file config.h. We find the following line there:
#define ERR_APPEND_SERVER_INFO
And comment it out:
/*#define ERR_APPEND_SERVER_INFO*/
We use exactly this type of comment, since this is C, not C++.
You can also change some other settings. For example, disable CGI support and set the default encoding to UTF-8. Read the comments in the config.
Next, open the file debian/changelog in the same way. You need to increase the package version number so that the next update does not overwrite the package with the version from the repository. This can happen even if the package has not actually been updated.
At the beginning of the file we see the following entry:
thttpd (2.23beta1-5) unstable; urgency=high

  * Applied patch from Steve Kemp <skx@debian.org> on thttpd.logrotate to fix
    the insecure use of temporary files when invoked by logrotate
    [CVE-2006-4248] (Closes: #396277).

 -- Daniel Baumann <daniel@debian.org>  Tue, 31 Oct 2006 20:13:00 +0200
Add your own entry before it. Pay attention to the formatting and leave one empty line before what was already in the file.
thttpd (2.23beta1-5pupkin1) unstable; urgency=low

  * Minor configuration changes required for Company X

 -- Vasily Pupkin <pupkin@example.com>  Mon, 17 Nov 2008 13:18:00 +0200
Build the package:
$ dpkg-buildpackage -rfakeroot
The file thttpd_2.23beta1-5pupkin1_i386.deb appears in the parent directory. Upload it to the gateway, install it and enjoy the result.
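The two manual edits above (commenting out ERR_APPEND_SERVER_INFO in config.h and adding an entry to debian/changelog) can be scripted, which helps when the rebuild has to be repeated for a newer repository version. This is an added example, not part of the original article or of thttpd; the function names disable_server_banner and prepend_changelog are assumptions, and the date string is supplied by the caller.

```sh
#!/bin/sh
# Added example: scripts the config.h and debian/changelog edits described above.
# Function names are assumptions, not part of thttpd or the Debian tooling.

# Comment out the active ERR_APPEND_SERVER_INFO define with a C-style comment.
# Safe to run twice: an already commented line does not match the pattern.
disable_server_banner() {
    cfg="$1"
    sed 's|^#define ERR_APPEND_SERVER_INFO[[:space:]]*$|/*#define ERR_APPEND_SERVER_INFO*/|' \
        "$cfg" > "$cfg.new" || return 1
    mv "$cfg.new" "$cfg" || return 1
    # Succeed only if no active define is left in the file.
    ! grep -q '^#define ERR_APPEND_SERVER_INFO' "$cfg"
}

# Prepend an entry to debian/changelog in the layout the build tools parse:
# header line, blank line, "  * " item, blank line, " -- " trailer with two
# spaces before the date, then a blank line before the previous entry.
prepend_changelog() {
    file="$1"; version="$2"; who="$3"; when="$4"; text="$5"
    # Reuse the package name and distribution of the current top entry.
    pkg=$(sed -n '1s/^\([^ ]*\) (.*/\1/p' "$file")
    dist=$(sed -n '1s/^[^)]*) \([^;]*\);.*/\1/p' "$file")
    [ -n "$pkg" ] && [ -n "$dist" ] || return 1
    {
        printf '%s (%s) %s; urgency=low\n\n' "$pkg" "$version" "$dist"
        printf '  * %s\n\n' "$text"
        printf ' -- %s  %s\n\n' "$who" "$when"
        cat "$file"
    } > "$file.new" || return 1
    mv "$file.new" "$file"
}

# Usage from the unpacked source directory (thttpd-2.23beta1):
#   disable_server_banner config.h
#   prepend_changelog debian/changelog 2.23beta1-5pupkin1 \
#       'Vasily Pupkin <pupkin@example.com>' "$(date -R)" \
#       'Minor configuration changes required for Company X'
```

Run dpkg-buildpackage -rfakeroot afterwards exactly as in the manual procedure.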
upd.: freefd wrote an article about autoconfiguration and provided an example of a page with settings.