Re: Force using Squid

From: Marc van Selm <>
Date: Thu, 02 Apr 1998 16:31:42 +0200

At 08:54 PM 4/2/98 +0700, Panjai Tantatsanawong wrote:
>Dear Squid user
> I would like to ask that is it possible to force
>all users to use WWW via Squid proxy by block TCP port 80
>of all clients in router and allow only proxy machine
>to access outside?

Block in your router outgoing traffic to TCP port 80 (with an exception for
your proxy). This disables the users to request http. Refer to your router
manuals on how to do so.

In Cisco's it fairly simple:

---------------- somekind of an example -------------------------------

interface Serialx
 ... deleted ...
  ip access-group 110 out

... deleted ...

! give your proxy access
access-list 110 permit tcp host any eq www
! exception for host to a specific site
access-list 110 permit tcp host eq www
! deny other www users to go direct
access-list 110 deny tcp any any eq www
! allow the rest of TCP
access-list 110 permit tcp any any
! another block
access-list 110 deny udp any any eq netbios-ns
! permit rest of UDP
access-list 110 permit udp any any
! permit the rest of IP
access-list 110 permit ip any any

Basic format is:

access-list list_nr permit/deny protocol source dest port

When you specify host xx.xx.xx.xx this is treated as a host filter. if you
don't specify host you have to add a mask (like an inverted subnet)

If you use v9.x the access-list handling is a bit different (but I don't
think you do)

Regards, Marc
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
Received on Thu Apr 02 1998 - 06:26:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:33 MST