Re: IP Filtering and Blocking from Yves Lafon on 2002-09-25 (www-jigsaw@w3.org from September to October 2002)

From: Yves Lafon <ylafon@w3.org>
Date: Wed, 25 Sep 2002 18:55:09 +0200 (MET DST)
To: Chinmay Pattanayak <chinmayanand@hotmail.com>
cc: www-jigsaw@w3.org
Message-ID: <Pine.GSO.4.44.0209251843070.16561-100000@tarantula.inria.fr>

On Tue, 24 Sep 2002, Chinmay Pattanayak wrote:

> Hi!
>
> Can anyone give me an explanation on how to configure the Jigsaw(2.2.1)
> proxy to achieve the followings.
>
> 1* Denying request to some IP or IP range from using the proxy.
> 2* Denying access to some of the prohibited sites on the net.
> 3* Allowing access to a group of IPs to use the proxy during some specific
> hours (say 2pm to 4pm) of the day, and allowing some other group of IPs for
> some other duration.
>
> Is all three achievable in Jigsaw2.2.1 configured as proxy?
> If so please tell me how?

To restrict access to the server (and then the proxy), you can read the
tutorial on Authentication at
http://www.w3.org/Jigsaw/Doc/User/AuthInJigsaw.html
http://www.w3.org/Jigsaw/Doc/User/authentication.html
This will reply to question 1*
Also, it can be done the same way with AclFilter/AclReam instead of
GenericAuthFilter.
for 3*, the same method should be used, but such restriction is not
defined in the default filters, so you would have to create such a filter
by subclassing GenericAuthFilter or AclRealm.

For 2*, you will need to restrict access to some sites/ ranges of IP in
the client HTTP stack, it is done by using the ProxyDispatcher client-side
filter (which is set differently)
See
http://www.w3.org/Jigsaw/Doc/Reference/org.w3c.www.protocol.http.proxy.ProxyDispatcher.html
For the definition of the proxy dispatcher file. See the properties
org.w3c.www.protocol.http.proxy.rules for the URI containing the rules
(usually file://...)
and org.w3c.www.protocol.http.filters that sets the filters of the client
side filter, I usually set it to
org.w3c.www.protocol.http.filters=org.w3c.www.protocol.http.cache.CacheFilter|org.w3c.www.protocol.http.proxy.ProxyDispatcher
o have both the CacheFIlter and the dispatcher. But the Cache filter is
not always necessary as it may impact other restrictions set by other
filters.
The way to set those properties is to edit the properties using JigEdit,
or to edit http-server.props.
Hope this helps,

-- 
Yves Lafon - W3C
"Baroula que barouleras, au tiéu toujou t'entourneras."

Received on Wednesday, 25 September 2002 12:55:21 UTC