Some of the users at my location are accessing the Internet by
bypassing the in-house proxy server. They are just typing the upstream
proxy server IP address and port number in browser and accessing the
Internet. How can I prohibit such activities? My network is on
192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
(take these IP addresses as an example). I can access 195.2.104.0
network from my location. I am using Squid Proxy server on Linux RH8.

[ Post a follow-up to this message ]

On 28 May 2004 02:47:35 -0700, ssp2000 spoketh

>Some of the users at my location are accessing the Internet by
>bypassing the in-house proxy server. They are just typing the upstream
>proxy server IP address and port number in browser and accessing the
>Internet. How can I prohibit such activities? My network is on
>192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
>(take these IP addresses as an example). I can access 195.2.104.0
>network from my location. I am using Squid Proxy server on Linux RH8.

On Windows computers, you can use Group Policies to block access to any
and all of the settings for Internet Explorer, including the proxy
settings.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

[ Post a follow-up to this message ]

ssp2000 wrote:

> Some of the users at my location are accessing the Internet by
> bypassing the in-house proxy server.[...]

Configure packet filtering, allow outgoing http only from the proxy, block
the rest of the network.

iptables -A FORWARD -s $PROXY -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s $LAN -j REJECT

should do.

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980

[ Post a follow-up to this message ]

ssp2000 wrote:

> Some of the users at my location are accessing the Internet by
> bypassing the in-house proxy server. They are just typing the upstream
> proxy server IP address and port number in browser and accessing the
> Internet. How can I prohibit such activities? My network is on
> 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
> (take these IP addresses as an example). I can access 195.2.104.0
> network from my location. I am using Squid Proxy server on Linux RH8.

I use transparent proxying which works like a charm.  Something like:

$IPTABLES -t nat -A PREROUTING -i $INTERNAL_NIC -p tcp --dport 80 -j
REDIRECT --to-port 3128

Which hijacks port 80 requests and forces them through squid.  You'll also
want to block people from using another proxy server, like so:

$IPTABLES -A FORWARD -s 192.168.7.0/24 -p tcp --dport $ISP_PROXY_PORT -j
DROP

Then, in squid.conf, I set:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Which enables transparent proxying.

I tell my users not to use any proxy settings.  Everything goes through
squid.  If someone tries to be "smart" by putting your ISP as the proxy, it
simply won't work.  In fact, they must either use your squid server as the
proxy, or not put in any settings at all if they want web access.

[ Post a follow-up to this message ]