Hello Manuel,

I had the same problem. Do you have a firewall? Before any of your users can make it to the www, they have to get a public IP from something via NAT or whatever method. This device (firewall, router etc.) can be told to deny all traffic from the trust interface that is coming from your users.

I all your internal IP are in the same ranges! Set a permit rule for your servers that get updates on their own (virus def, patches etc.) before your users. With this setup, only users browsing through the proxy will be able to browse, because any savvy user that changes the browser config will be blocked at your perimeter device.

Example router config for Cisco router:

    Permit ip 10.9.1.0 0.0.0.255 any                -- servers
    Deny ip 10.9.2.0 0.0.0.255 any                  -- users. Blocks all traffic from 10.9.2.0 range
  Or
    deny tcp 10.9.2.0 0.0.0.255 any eq 80 (www)     -- users; will block only port 80
    Permit ip any any

Hope this helps!~

~alvaro

-----Original Message-----
From: Datareactor [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2003 9:00 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [squid-users] How to prevent anwanted bypassing squid by network users trhough browser set-up

If you have a router, you can implement WCCP on it to forward your port 80 requests to the squid proxies; then your rules will be applied. No need to put the proxy in their browser.

Regards
./DR

----- Original Message -----
From: "Manuel Schroeder" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 29, 2003 5:40 PM
Subject: [squid-users] How to prevent anwanted bypassing squid by network users trhough browser set-up

> Hi,
>
> we want to disable our network users to access their private webmail
> etc. from the office. So I successfully made an acl dstdomain
> ....... and made squid also take care of port 80.
>
> But my obvious concern is that our clever users will set up their
> browsers back NOT to use our proxy but to go to the internet DIRECTLY as
> usual in former times on port 80 without proxy use. %) I did hope the
> above (also looking at port 80) would prevent them from but sorry to say
> it does not. 8(
>
> But by doing so all my wonderful filter rules in squid will be
> bypassed! :(
>
> How can I make squid block browsers coming on port 80 in "no proxy
> mode"?! :)
>
> Manuel
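
Added example (not part of the original thread or of any poster's configuration): a small first-match evaluator for the two ACL variants in the first reply, showing which outbound flows each one lets past the perimeter. The proxy address 10.9.1.10, the user host 10.9.2.25 and the flow list are constructed, and it assumes the ACL is evaluated only on traffic leaving toward the internet.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
# Entries: (action, protocol, source base, source wildcard, dest port or None)
DENY_ALL_USERS = [
    ("permit", "ip", "10.9.1.0", "0.0.0.255", None),  # servers
    ("deny", "ip", "10.9.2.0", "0.0.0.255", None),    # users, all traffic
    ("permit", "ip", *ANY, None),                     # permit ip any any
]
DENY_PORT80_ONLY = [
    ("permit", "ip", "10.9.1.0", "0.0.0.255", None),  # servers
    ("deny", "tcp", "10.9.2.0", "0.0.0.255", 80),     # users, port 80 only
    ("permit", "ip", *ANY, None),                     # permit ip any any
]

def evaluate(acl, src, proto, dport):
    """First matching entry wins; the list ends with an implicit deny."""
    for action, rule_proto, base, wildcard, rule_port in acl:
        if rule_proto != "ip" and rule_proto != proto:
            continue
        if rule_port is not None and rule_port != dport:
            continue
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

# Constructed sample flows: name -> (source, protocol, destination port)
FLOWS = {
    "proxy to web": ("10.9.1.10", "tcp", 80),
    "user direct http": ("10.9.2.25", "tcp", 80),
    "user direct https": ("10.9.2.25", "tcp", 443),
    "user dns": ("10.9.2.25", "udp", 53),
}

def audit(acl, flows=FLOWS):
    """Return the verdict for each named flow under the given ACL."""
    return {name: evaluate(acl, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, acl in (("deny ip", DENY_ALL_USERS), ("deny tcp eq 80", DENY_PORT80_ONLY)):
        for name, verdict in audit(acl).items():
            print(f"{label:15} {name:18} {verdict}")
```

Under the port-80-only variant, direct HTTPS and DNS from the user range still match `Permit ip any any`, so only the broader deny forces all user browsing through the proxy.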
