Enhancement #2964
Web proxy: support blue zones
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-squid | |||
| Target version: | v6.5 | |||
| Resolution: | NEEDINFO: | No |
Description
With the actual implementation the proxy can be enabled only on green networks.
But the proxy should be accessible also from blue interfaces.
Extend the web interface to enable/disable squid on green and blue interfaces.
The mode property must be selectable for each zones, thus for example, the blue interface can be configured as Authenticated while the green is Transparent.
Associated revisions
Config and db: enable web proxy on blue. Refs #2964
- New properties: GreenMode and BlueMode
- Migration fragment from old properties
- Support blue networks in configuration templates
firewall: move squid rules after general rules. Refs #2964
db migration: fix fragment path. Refs #2964
Web UI: support blue zones. Refs #2964
squid.conf: set shutdown_lifetime to 1 seconds. Refs #2964
db defaults: default mode to manual for blue and green. Refs #2964
squid.conf template: fixes for blue zones. Refs #2964
squid.conf: prevent access from blue to green. Refs #2964
squid.conf: re-order acl. Refs #2964
Web UI: execute event without post-process. Refs #2964
History
#1
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
#2
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 30 to 60
#4
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
nethserver-squid-1.2.0-18.0gitcfbd3944.ns6.noarch.rpm- nethserver-squid-1.2.0-20.0git1a759fc7.ns6.noarch.rpm
- Enable proxy in manual mode on green interface
- Enable proxy in transparent mode on blue interface
- Check clients on blue can surf the web
- Explicitly configure the proxy on clients inside green network, check the clients can surf the web
- Enable proxy in authenticated mode on green and blue interface
- Explicitly configure the proxy on clients, check the clients can surf the web
- Enable the proxy for blue
- Check the client can download the wpad file
Visited web pages are logged inside /var/log/squid/access.log.
#5
Updated by Filippo Carletti over 6 years ago
Enabling transparent ssl on blue, the dnat rule for port 443 is created on green instead of blue.
#6
Updated by Giacomo Sanchietti over 6 years ago
Filippo Carletti wrote:
Fixed in:Enabling transparent ssl on blue, the dnat rule for port 443 is created on green instead of blue.
- nethserver-squid-1.2.1.1-16.0git1fcdbc13.ns6.noarch.rpm
#7
Updated by Filippo Carletti over 6 years ago
Enabling transparent ssl on blue, squid doesn't listen on port 3130.
#8
Updated by Giacomo Sanchietti over 6 years ago
Filippo Carletti wrote:
Fixed in:Enabling transparent ssl on blue, squid doesn't listen on port 3130.
- nethserver-squid-1.2.1.1-17.0git9419b842.ns6.noarch.rpm
#9
Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Everything's working as expected.
Authenticated proxy minimally tested.
#10
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- squid-3.3.13-1.el6.x86_64.rpm
- nethserver-squid-1.3.0-1.ns6.noarch.rpm