Hi,
currently are some threads open regarding HTTP Proxy Profiles and Content Filter.
I tested some settings and couldnt come to a conclusion.
What I want to do:
1. Use widely ADS SSO inside our domain. As a fallback - use RADIUS over IAS (Win2000 Server)
2. On non-ADS-systems use basic auth (local astaro users)
3. Use the autoproxy-script from J. Schooner at http://www.schooner.com/~loverso/no-ads/
4. Mixed users(SSO and local auth) on 2 subnets
Generally there should be allowed every site for authentificated users (regardless of SSO or local).
For some sites there should be no authentifcation necessary.
On 1 subnet there must not be surfing possible.
What I already have done:
1. Integrate ASG in our domain to enable SSO.
2. Create a group Web-Proxy-Users inside ADS for surfing purpose.
3. Global Proxy enabled for 2 subnets with basic auth.
4. Global Content filter to allow everything but some adfarm-servers (as a global spamfilter which seems to work)
5. Exceptions is standard setup plus astaro.com/org domain plus viamichelin for travel routes
6. Advanced is set skip transparent for some hosts. Port is set to 3128 (as was our previous appliance). Allowed target services is astaro spam release, webadmin, http, https and ftp
7. HTTP Proxy profiles:
a) Default rule for all subnets on allowed users, fallback is BLOCK ALL
b) Profile for one subnet on ADS users, fallback is BLOCK ALL
c) Profile for other subnet on non-ADS users, fallback is BLOCK ALL
8. Set up some clients with the PAC-Script mentioned above including the normal "proxy ASG:3128"
Problems so far:
Domain users: adirectory auth is done, no sites load
nonDomain users: auth pops up, site wont load (condition:"error (in module 0)", Report:"An error occured during request scanning")
exception-sites (generally open to all): site loads (and auth is requested - I guess for external references - but fails for ADS users - local users work)
This thread was automatically locked due to age.
