On Tue, Jun 01, 1999 at 08:57:20AM +0200, Tilman Schmidt wrote:
> At 14:52 01.06.99 +0900, danielrod@nts.co.jp wrote:
> >My question is, how do I force my user's to configure their browsers to use
> >the cache? Is there any way for an administrator to lock the browsers
> >configurations so users cannot reconfiguring them?
>
> The most reliable way to do this is to deny the users direct web
> access in your firewall. They will configure there browsers for
> using the cache sure enough if that's the only way they get WWW
> access at all! ;-)
Well, I think this way is more elegant:
1. Setup a webserver on a non-standard port wich serves the same page(*)
for every URL.
2. Redirect traffic "to the outside" and port 80 to this webserver.
(*) The page tells the user that he hasn't configured his/her browser
correctly and points her/him to a page with proxy parameters and hints on
how to configure browsers.
1:
This can be done with a simple shell script that starts from inetd, or
if you already run apache somewhere (you need mod_alias for this):
<VirtualHost www.your.domain:8080>
DocumentRoot /usr/local/www2
aliasmatch .* /usr/local/www2/index.html
</VirtualHost>
2:
For the typical network setup "ISP <-> Router <-> Your subnet" you can
use somthing like this with ipfilters:
#!/usr/sbin/ipnat -f
# To allow access to your webserver directly if it runs on your router:
# rdr <internal interface> www.your.domain port www -> www.your.domain www
rdr <internal interface> 0.0.0.0/0 port www -> www.your.domain 8080
If you have a more complex network setup (eg. local traffic runs through
this proxy), more complex rules may be needed.
We use this with great success, "only" 5% of our users (students, since
"we" are a dorm) still don't get it right. But I guess it would be more if
we just block and send a mail about it :-). (computer users are stupid
these days.)
[Yes, I know about tranparent proxies but I prefer the "non-transparent"
way.]
-- Dies ist Thilos Unix Signature! Viel Spass damit.Received on Tue Jun 01 1999 - 05:11:33 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:42 MST