Re: [squid-users] prevent direct access

Comments below.

On Mon, 27 Sep 2004 08:06:02 -0400, Chris Perreault
<chris.perreault@wiremold.com> wrote:
> Hello, helpdesk. The web is busted, I get this error page. Read the page and
> feel free to call back if you have any problems.

The page could be step by step instructions!

> That is still less time for the helpdesk than walking users through the
> whole setup. Be creative with the webpage, don't use black text with no
> pictures. Make the headline say something like "Not your everday error page"
> or "ahhh, want net? Read this" Put a cartoon or other graphic on the page.

Absolutely! Also if you in the process of changing proxy settings be
smart about it, write a auto config script, that way you have control
of changes from there on in...no more help desk calls, if you decide
to change the proxy server name/address you just update your script
and the users never know..

> On regedit: You wouldn't run regedit on the webpage, you'd provide a link
> that they could download or run from the webpage. The only thing this file
> could do would be to change their proxy settings. If someone could get onto
> the webserver and change this reg hack then when the users ran it all sorts
> of things might happen. BUT...if they could get onto the server and change
> it, they could also get on the server, change the webpage, and add a little
> script of their own anyways. I don't see offering a reg change file/fix on a
> webpage as a security risk at all.

Although I didn't explain myself properly before this is what I was
getting at, a simple link on a website the user could click on to make
the changes, just a reg file even does it, login script is another way
you can do it, the key is to think about the changes and do them in
the smartest possible way, it makes your life easier in the long run..

The fact they are using IE is a security risk! :)

> Chris
>
>
>
> -----Original Message-----
> From: Jawed Ahmed [mailto:jawed@teamsap.adaniwilmar.com]
> Sent: Monday, September 27, 2004 1:27 AM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] prevent direct access
>
> hi,
> yes..I have done what you suggested..but the thing is that..the moment they
> see that error page..no one bother to read the instructions to change the
> settings..they immediately call up the IT..'Internet is down'...so I was
> wondering if there is someway to get it done on the fly...
>
> if regedit is only way of doing it..then I would definitely not prefer
> it..running regedit any way won't be possible on the remote machine through
> a webpage..big security risk !
>
> thanks for the time
>
> Jawed
>
> On 27 Sep 2004 at 15:17, Richard wrote:
>
> > Hi,
> >
> > The only suggestion I could offer is re-directing your users to a site
> > that has 1 or both of the following:
> >
> > 1: Instructions on how to configure IE.
> > 2: Link to a job that could be excetuted to run a silent regedit which
> > would set the users proxy server (only works with windows)
> >
> > As far as automatically changing settings goes I think it might be a
> > little difficult.
> >
> >
> > On Mon, 27 Sep 2004 09:11:41 +0530, Jawed Ahmed
> > <jawed@teamsap.adaniwilmar.com> wrote:
> > > hi group,
> > > a few days ago, henrik had suggested that we can prevent smart users
> > > from accessing the net directly by redirect users from port 80 to
> > > some other port where we can host a single page on the webserver asking
> them to use the proxy server.
> > >
> > > I wanted to know if it is possible to put some script on that page
> > > to which users are redirected, which will automatically configure
> > > the IE proxy settings to the one which we want..I read somewhere
> > > that it can be done..but havne't been successful in googling out the
> relevant info..
> > >
> > > if someone knows, then please guide me to the URLs so that I can
> accomplish that.
> > >
> > > warm regards,
> > > Jawed Ahmed
> > >
> > >
>
>
Received on Tue Sep 28 2004 - 00:48:16 MDT