How to Stop bypassing Proxy server - squid


  1. How to Stop bypassing Proxy server

    Some of the users at my location are accessing the Internet by
    bypassing the in-house proxy server. They are just typing the upstream
    proxy server IP address and port number in browser and accessing the
    Internet. How can I prohibit such activities? My network is on
    192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
    (take these IP addresses as an example). I can access 195.2.104.0
    network from my location. I am using Squid Proxy server on Linux RH8.

  2. Re: How to Stop bypassing Proxy server

    On 28 May 2004 02:47:35 -0700, ssp2000 spoketh

    >Some of the users at my location are accessing the Internet by
    >bypassing the in-house proxy server. They are just typing the upstream
    >proxy server IP address and port number in browser and accessing the
    >Internet. How can I prohibit such activities? My network is on
    >192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
    >(take these IP addresses as an example). I can access 195.2.104.0
    >network from my location. I am using Squid Proxy server on Linux RH8.


    On Windows computers, you can use Group Policies to block access to any
    and all of the settings for Internet Explorer, including the proxy
    settings.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)

  3. Re: How to Stop bypassing Proxy server

    ssp2000 wrote:

    > Some of the users at my location are accessing the Internet by
    > bypassing the in-house proxy server.[...]


    Configure packet filtering, allow outgoing http only from the proxy, block
    the rest of the network.

    iptables -A FORWARD -s $PROXY -p tcp --dport 80 -j ACCEPT
    iptables -A FORWARD -s $LAN -j REJECT

    should do.

    Wolfgang
    --
    A foreign body and a foreign mind
    never welcome in the land of the blind
    Peter Gabriel, Not one of us, 1980

  4. Re: How to Stop bypassing Proxy server

    ssp2000 wrote:

    > Some of the users at my location are accessing the Internet by
    > bypassing the in-house proxy server. They are just typing the upstream
    > proxy server IP address and port number in browser and accessing the
    > Internet. How can I prohibit such activities? My network is on
    > 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
    > (take these IP addresses as an example). I can access 195.2.104.0
    > network from my location. I am using Squid Proxy server on Linux RH8.


    I use transparent proxying which works like a charm. Something like:

    $IPTABLES -t nat -A PREROUTING -i $INTERNAL_NIC -p tcp --dport 80 -j REDIRECT --to-port 3128

    Which hijacks port 80 requests and forces them through squid. You'll also
    want to block people from using another proxy server, like so:

    $IPTABLES -A FORWARD -s 192.168.7.0/24 -p tcp --dport $ISP_PROXY_PORT -j DROP

    Then, in squid.conf, I set:

    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    Which enables transparent proxying.

    I tell my users not to use any proxy settings. Everything goes through
    squid. If someone tries to be "smart" by putting your ISP as the proxy, it
    simply won't work. In fact, they must either use your squid server as the
    proxy, or not put in any settings at all if they want web access.
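
An added example, not part of the thread or any poster's own code: a shell check that reads an `iptables-save` dump and confirms both rules from the last reply are in place, the port 80 redirect to squid and the block on the upstream proxy port. The dump is constructed; the interface `eth1` and upstream proxy port 8080 are assumed values standing in for `$INTERNAL_NIC` and `$ISP_PROXY_PORT`.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the two rules from reply 4.
# Assumed values (not from the thread): interface eth1, upstream proxy port 8080.

# Constructed sample dump in iptables-save format.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.7.0/24 -p tcp -m tcp --dport 8080 -j DROP
COMMIT'

# audit_rules LAN SQUID_PORT UPSTREAM_PORT   (dump is read from stdin)
# Prints one line per missing rule; exit status is 0 only if both are present.
audit_rules() {
    awk -v lan="$1" -v squid="$2" -v up="$3" '
        # Return the word that follows option "opt" on the current rule line.
        function arg(opt,   i) {
            for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
            return ""
        }
        /^\*/      { table = substr($0, 2); next }   # table header: *nat, *filter
        $1 != "-A" { next }                          # skip chain policies and COMMIT
        table == "nat" && $2 == "PREROUTING" && arg("--dport") == "80" &&
            arg("-j") == "REDIRECT" &&
            (arg("--to-ports") == squid || arg("--to-port") == squid) { redirect = 1 }
        table == "filter" && $2 == "FORWARD" && arg("-s") == lan &&
            arg("--dport") == up && arg("-j") ~ /^(DROP|REJECT)$/ { block = 1 }
        END {
            if (!redirect) print "MISSING: port 80 is not redirected to squid port " squid
            if (!block)    print "MISSING: " lan " can still reach upstream proxy port " up
            exit !(redirect && block)
        }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_rules 192.168.7.0/24 3128 8080 && echo "both rules present"
```

On a live gateway the input would be `iptables-save | audit_rules 192.168.7.0/24 3128 <upstream port>`. The check matches rule text only; it does not evaluate rule order, so an earlier ACCEPT in FORWARD that shadows the DROP would not be noticed.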
