Re: [squid-users] Bypassing squid proxy

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Tue, 5 Mar 2002 22:50:10 -0700 (MST)

On Wed, 6 Mar 2002, H M Rajeev wrote:

> we use squid as proxy server and all the users are connecting to
> squid for browsing. ACL is configured based on System IP address.
> But we have found that some users are installed free proxy
> software in their system(ACL is configured to allow these users)
> and allowing other users( who don't have access directly from
> squid) to browse the net, so,bypassing the squid, which is causing
> the havoc.
>
> Is there any solution for this?

I doubt there is a simple technical solution. If you introduce
password-based authentication, then authorized users can configure
their unauthorized proxies to send their credentials. If you start
filtering based on some HTTP headers that unauthorized proxies send,
then some users will disable those in their proxies. Etc.

Perhaps you should look at the core problem instead. That is, what
exactly is "havoc"? Is it unauthorized access per se? Or is it
increased bandwidth usage? If the real problem is bandwidth-related,
you can try introducing bandwidth limits.

Also, depending on your network, it may be possible to prevent those
unauthorized users to connect to unauthorized proxies (i.e., to
authorized users' PCs).

Alex.
Received on Tue Mar 05 2002 - 22:50:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:43 MST