RE: [squid-users] Blocking proxies

> -----Original Message-----
> From: Peter Albrecht [mailto:peter.albrecht@novell.com]
> Sent: Tuesday, August 07, 2007 10:04 AM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Blocking proxies
>
> Hi Thomas,
>
> On Tuesday 07 August 2007 15:41, Thomas Raef wrote:
> > How can we block open proxy use?
> >
> > Either transparent or non-transparent. We looked at using l7-filter
but
> > there must be an acl or some config option to block users from
accessing
> > outside proxy servers. We have a school in need of this.
>
> What do you want to block?
>
> 1) Users from the school accessing another proxy somewhere? Then you
need
> to block all http/https requests on your router. I.e., every
connection
> that does not come from your proxy needs to be blocked.
[Tom replied with:]
        I am detecting all http/https connections with l7-filter and
forcing the use of the squid box. Will that block access to all
anonymous proxies?

Do I need to use:

 header_access X-Forwarded-For deny all

Or some other such acl?

Thank you for your reply.

> 2) Other users from the outside using your proxy? Define an ACL to
allow
> access only from your internal network. Or have Squid listen on the
> internal network interface only.
>
> Hope this helps,
>
> Peter
>
> --
> Peter Albrecht, Novell Training Services
Received on Tue Aug 07 2007 - 09:19:08 MDT