Enhancement #2964

Web proxy: support blue zones

Added by Giacomo Sanchietti over 6 years ago. Updated over 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-squid
Target version:v6.5
Resolution: NEEDINFO:No

Description

With the actual implementation the proxy can be enabled only on green networks.
But the proxy should be accessible also from blue interfaces.

Extend the web interface to enable/disable squid on green and blue interfaces.
The mode property must be selectable for each zones, thus for example, the blue interface can be configured as Authenticated while the green is Transparent.

Associated revisions

Revision 9dac40d4
Added by Giacomo Sanchietti over 6 years ago

Config and db: enable web proxy on blue. Refs #2964

  • New properties: GreenMode and BlueMode
  • Migration fragment from old properties
  • Support blue networks in configuration templates

Revision be8c4099
Added by Giacomo Sanchietti over 6 years ago

firewall: move squid rules after general rules. Refs #2964

Revision 08a9543f
Added by Giacomo Sanchietti over 6 years ago

db migration: fix fragment path. Refs #2964

Revision a4858a70
Added by Giacomo Sanchietti over 6 years ago

Web UI: support blue zones. Refs #2964

Revision e73ead3d
Added by Giacomo Sanchietti over 6 years ago

squid.conf: set shutdown_lifetime to 1 seconds. Refs #2964

Revision 8a8cdbd2
Added by Giacomo Sanchietti over 6 years ago

db defaults: default mode to manual for blue and green. Refs #2964

Revision f94becc5
Added by Giacomo Sanchietti over 6 years ago

squid.conf template: fixes for blue zones. Refs #2964

Revision 312fa9e9
Added by Giacomo Sanchietti over 6 years ago

squid.conf: prevent access from blue to green. Refs #2964

Revision b410a324
Added by Giacomo Sanchietti over 6 years ago

squid.conf: re-order acl. Refs #2964

Revision 07bdb88e
Added by Giacomo Sanchietti over 6 years ago

Web UI: execute event without post-process. Refs #2964

Revision ae188656
Added by Giacomo Sanchietti over 6 years ago

shorewall: fix transparent ssl proxy on blue. Refs #2964 #2977

Revision 9419b842
Added by Giacomo Sanchietti over 6 years ago

squid.conf: fix template logic. Refs #2977 #2964

Revision 89a66f83
Added by Giacomo Sanchietti over 6 years ago

Inline help: update English and Italian. Refs #2964 #2503

History

#1 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.5
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-squid-1.2.0-18.0gitcfbd3944.ns6.noarch.rpm
  • nethserver-squid-1.2.0-20.0git1a759fc7.ns6.noarch.rpm
Test case 1
  • Enable proxy in manual mode on green interface
  • Enable proxy in transparent mode on blue interface
  • Check clients on blue can surf the web
  • Explicitly configure the proxy on clients inside green network, check the clients can surf the web
Test case 2
  • Enable proxy in authenticated mode on green and blue interface
  • Explicitly configure the proxy on clients, check the clients can surf the web
Test case 3
  • Enable the proxy for blue
  • Check the client can download the wpad file

Visited web pages are logged inside /var/log/squid/access.log.

#5 Updated by Filippo Carletti over 6 years ago

Enabling transparent ssl on blue, the dnat rule for port 443 is created on green instead of blue.

#6 Updated by Giacomo Sanchietti over 6 years ago

Filippo Carletti wrote:

Enabling transparent ssl on blue, the dnat rule for port 443 is created on green instead of blue.

Fixed in:
  • nethserver-squid-1.2.1.1-16.0git1fcdbc13.ns6.noarch.rpm

#7 Updated by Filippo Carletti over 6 years ago

Enabling transparent ssl on blue, squid doesn't listen on port 3130.

#8 Updated by Giacomo Sanchietti over 6 years ago

Filippo Carletti wrote:

Enabling transparent ssl on blue, squid doesn't listen on port 3130.

Fixed in:
  • nethserver-squid-1.2.1.1-17.0git9419b842.ns6.noarch.rpm

#9 Updated by Filippo Carletti over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Everything's working as expected.
Authenticated proxy minimally tested.

#10 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • squid-3.3.13-1.el6.x86_64.rpm
  • nethserver-squid-1.3.0-1.ns6.noarch.rpm

Also available in: Atom PDF