Ok Henrik , thanks very much .
I have add a rule to block direct connecting to my squid port 80 and 3128 .
Quoting Henrik Nordstrom <hno@hem.passagen.se>:
> Or better, include a rule to count it as non-local traffic.
>
> --
> Henrik Nordstrom
> Squid hacker
>
> Hamid Hashemi Golpayegani wrote:
> >
> > This cause of my accounting system ! My accounting calculate the KB
> > send/receive from the internet through IPChains rules . But this rules
> is
> > not calculate local traffic . So if any one use direct proxy request
> all of
> > his web traffic will be calculate as local traffic . So I don't want
> to do
> > that .
> > So is the last way that exist is that I must block this port through
> > ipchains in my router ?
> >
> > --
> > Regards
> >
> > ============================================================
> > / Seyyed Hamid Reza / WINDOWS FOR NOW !! /
> > / Hashemi Golpayegani / Linux for future , FreeBSD for ever /
> > / Morva System Co. / ------------------------------------- /
> > / Network Administrator/ hamid@morva.net , ICQ# : 42209876 /
> > ===========================================================
> >
> > -----Original Message-----
> > From: hno@hem.passagen.se [mailto:hno@hem.passagen.se]
> > Sent: Friday, March 16, 2001 9:02 PM
> > To: Hamid Hashemi Golpayegani
> > Cc: Squid Users
> > Subject: Re: [squid-users] Deny Direct Proxy request !
> >
> > You may use httpd_accel_with_proxy off, but it might break HTTP/1.2
> or
> > later clients...
> >
> > Why do you want to prevent users from configuring the proxy settings?
> >
> > Technically setting the proxy settings is "the correct thing to do",
> as
> > any transparent redirection of traffic is a quite big violation of
> basic
> > TCP/IP standards. And there are a number of applications that does
> not
> > work very well in transparent proxy setups.. (as well of the
> opposite..)
> >
> > --
> > Henrik Nordstrom
> > Squid hacker
> >
> > Hamid Hashemi Golpayegani wrote:
> > >
> > > so what can I do then ?!
> > >
> > > --
> > > Regards
> > >
> > > ============================================================
> > > / Seyyed Hamid Reza / WINDOWS FOR NOW !!
> /
> > > / Hashemi Golpayegani / Linux for future , FreeBSD for ever /
> > > / Morva System Co. / ------------------------------------- /
> > > / Network Administrator/ hamid@morva.net , ICQ# : 42209876 /
> > > ===========================================================
> > >
> > >
> > > -----Original Message-----
> > > From: hno@hem.passagen.se [mailto:hno@hem.passagen.se]
> > > Sent: Friday, March 16, 2001 2:17 AM
> > > To: Joe Cooper
> > > Cc: Squid Users
> > > Subject: Re: [squid-users] Deny Direct Proxy request !
> > >
> > > Joe Cooper wrote:
> > > >
> > > > Turn off httpd_accel_with_proxy.
> > >
> > > Except that HTTP/1.1 REQUIRES it, as servers MUST accept requests
> using
> > > a absolute URI....
> > >
> > > RFC 2616 section 5.1.2
> > >
> > > Note: When running as a "transparent proxy" the "proxy" technically
> acts
> > > on behalf of the origin server, not the client as in a normal proxy
> > > configuration...
> > >
> > > --
> > > Henrik Nordstrom
> > > Squid Hacker
>
>
--
Regards
============================================================
/ Seyyed Hamid Reza / WINDOWS FOR NOW !! /
/ Hashemi Golpayegani / Linux for future , FreeBSD for ever /
/ Morva System Co. / ------------------------------------- /
/ Network Administrator/ hamid@morva.net , ICQ# : 42209876 /
===========================================================
Received on Sat Mar 17 2001 - 08:29:50 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:42 MST