Review Firewall
Firewall IPCop : Services Guide

After having already presented its functions, installation and web administration interface, we will now finish our look at IPCop with the available services.

Tags : Firewall IPCop, presentation IPCop, Proxy Server, DHCP Server

Firewall IPCop : Services Guide

February 21st, 2006 - 06:00 pm ET by Mathieu D.
  1. 1 - IPCop: Reminder and Introduction
  2. 2 - IPCop : Proxy Server
  3. 3 - IPCop : DHCP Server
  4. 4 - IPCop : Dynamic DNS
  5. 5 - IPCop : Static Hosts and Time Servers
  6. 6 - IPCop : Traffic Shapping
  7. 7 - IPCop : Intrusion Detection
  8. 8 - IPCop : AdvProxy Plug-in
  9. 9 - IPCop : UrlFilter Plug-in
  10. 10 - IPCop : Conclusion
  • AdvProxy Plug-in

 

AdvProxy is a plug-in that allows you go into more details on the IPCop proxy server, adding the possibility, among other things, of specifying which addresses should use the proxy, or which web browsers are authorized to surf on the internet. This plugin will replace the “Proxy Server” web interface on the menu.

We are not going to go over the plug-in installation procedure again as we have already covered this in the first file written on IPCop. On the other hand (and this is the point of this file), we are going to go into detail of what benefits this plug-in provides over the existing system.

The options relating to the server mode and to distant proxy servers are pretty much unchanged, putting aside the possibility of adding some users’ information. One will notice though a finer management of the cache:

  • LRU : Squid rules based on LRU.
  • heap GDSF : The most frequent requests in the form of a tree.
  • heap LFUDA : Last mosnt.com/dossiers/lire/101/firewall-ipcop-securiser-son-reseau-avec-linux/page3.phpt frequently used last requests with dynamic management to help with the tree.
  • heap LRU : LRU policy using a tree.

We can empty the cache from time to time (necessary to view the last modifications on a site sometimes) with the help of a button [Empty the cache] at the bottom of the page.



IPCop : AdvProxy - 1
Configuration and cache mode


AdvProxy allows you to also refine your filter a lot, to the level of what enters and leaves the proxy server; we can actually choose to not download certain domains to the cache (for security reasons, for example), or to not use the proxy for certain IP or MAC addresses...


IPCop : AdvProxy - 2
Exclusion and content rules and accessible hours


It is also possible to specify a range of hours and days where access to the internet is authorized or not, as well as specifying the allocated speed to each user and the type of downloadable content permitted (iso, audio, video,…). About the downloadable content, it is possible to refine this by specifying authorized MIME types.


IPCop : AdvProxy - 3
MIME types and Navigator


We quickly touched earlier on the fact that it is possible to specify which internet browsers are allowed access to the internet. This is practical for users that are too clever for us and who go and install Firefox on their computers when we have blocked, in a GPO, their rights to run Internet Explorer...

The section “Protection of files” allows us to make users believe that site in their history folder (in web browser) and the referrer (page that links takes you to the site that you actually visited) will be defined here

In the case where you have installed UrlFilter, the activation of this plug-in will be done at the bottom of this page.

It is possible to authenticate the proxy server users if you have an Active Directory domain, an LDAP or RADIUS server available...




next page » Page 8 / 10 « previous page Post a comment
Previous review Next review
WiFi and security Presentation of VPN network and used protocols