Upload
zahero
View
431
Download
1
Embed Size (px)
DESCRIPTION
FIT, Damascus University, Syria, 2011
Citation preview
Zaher Wanli
Mhd Hasan Serhan
1
Mhd Ali Al-Kateib
Yasser Kamel
Damascus UniversityF.I.T.E
Third Year Project
Proxy for Authentication and Traffic shaping
2
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
Agenda
3
Overview
Unauthorized access
Unfair Bandwidth Allocation
Non Educational
Sites Traffic Issues
4
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
5
• Proxy definition
• Proxy Features
Overview
Reverse ProxyForward Proxy
Caching Logging Privileges Bandwidth Management
6
Squid Proxy Server
Access Control Lists Delay Pools
Squid features
• Bandwidth control
• Authenticators
• ISPs
• Open Source
• Cross-platform
Overview
7
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
8
Traffic Shaping
192.168.137.5
188.160.237.1
Squid proxy server
9
• Types of buckets Aggregate bucket Network bucket Individual bucket
Traffic Shaping
• Delay pools classesClass 1
Has a single aggregate bucket Class 2
Has an aggregate bucket and 256 individual bucketsClass 3
Has an aggregate bucket and 256 network buckets
and 65536 individual buckets
10
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
Step 1 :. User requests a page through a proxy
Internet
HTTP Request
GET http://www.google.com/ HTTP/1.0
Authentication
Step 2 : Proxy asks UA to authenticate
Internet
HTTP RequestHTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Squid proxy”
Authentication
Step 3 : User sends proxy authentication credentials
Internet
HTTP Request
GET http://www.google.com/ HTTP/1.0Proxy-Authorization: Basic c3R1ZGVudF8wMDAx==...
Authentication
Step 4 : Proxy accepts authentication and requests the page from the server
Internet
HTTP Request
GET / HTTP/1.0Via: 1.0 cache.iif.hu:3128 (Squid/2.4.DEVEL2)...
Authentication
Check DB
Step 5 : Server sends the requested page
Internet
HTTP Response
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMTServer: Apache/1.3.9 (Unix)...
Authentication
Step 6 : Proxy passes the result back to the user
Internet
HTTP Response
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMTServer: Apache/1.3.9 (Unix)...
Authentication
17
Site Blocking
Internet
HTTP Request
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMT...
Step 1: request not allowed page
Blocking
Internet
HTTP Response
Step 1: request not allowed page
HTTP/1.1 200 OKDate: Tue, 11 Feb 2000 18:41:04 GMT...
Blocking
Redirection
20
Overview
Traffic Shaping
Authentication
Conclusion & Perspectives
21
Conclusion & Perspectives
Dynamic Traffic Shaping
Statistics
Off-Campus proxy
22
Thanks for listening
23