At 10:57 AM 11/28/01 +0100, Henrik Nordstrom wrote:
>What you need is "inverse" firewalling, denying your users to go directly.
>Can also be combined with similar techniques as in transparent proxying to
>provide the user with instructions on how to configure the proxy settings if
>they attempt in going directly.
So as Henrik tries to explain. Just make a filter in your router that
blocks outgoing traffic to TCP port 80. Trust me, that convinces users to
use the proxy. And if you provide education and a stable proxy, users will
accept it.
>Regards
>Henrik
>
>Ps. Questions on Squid usage should be sent to the Squid-Users mailing list.
>
>
>On Wednesday 28 November 2001 05.48, NRCG wrote:
> > Dear Mr.Henrik,
> > I am running a server with 2 NICs and squid running on the eth1, port 8080.
> > I am running Apache on the eth0 port 80 and the web page of my organization
> > also is hosted on.I use proxy authentication with NCSA and hence, can not
> > run proxy in the transparent mode. Now my problem is 1. I want all my
> > internal users (users on the network 192.168.1.0) must use the proxy on
> > 192.168.1.1:8080 (eth1) compulsorily and should not access the internet
> > directly by setting their browser direct (without proxy) 2. Even if I set
> > the proxy option in the client's browser, he can change the setting to
> > direct and reach internet bypassing proxy and authentication., I want to
> > block such direct access to the internet
---------------------------------------------------------
Marc van Selm
NATO C3 Agency, CISD/CAN
*********************************************************
** -- This mail is personal -- **
** All statements in this mail are made from my own **
** personal perspective and do not necessarily reflect **
** my employer's opinions or policies. **
*********************************************************
Received on Tue Dec 04 2001 - 10:25:20 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:13 MST