Jeffrey Goldberg wrote: > On Jul 6, 2007, at 2:33 PM, RW wrote: >> If this box is not the gateway, there is no point in doing anything >> about this because they can simply turn-off proxying and go direct to >> the internet. > > However, on your gateway you can specify that only the proxy box is > allowed to connect to the web. That is block all outbound traffic to > ports 80 and 443 unless they come from the machine running squid.
This is of course granted that the gateway has a strict firewall rule set that allows minimal, known destination ports and by default would block external, free proxies (and anything else) that run on unusual ports (eg: 50001) as someone else suggested. Steve _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"