Here havoc means it is unethical. Say among 100 users we have given access
to only 50 users. And other 10 users are accessing the net by connecting to
unauthorized proxy. Certainly other 40 users , who don't know how to bypass
will question us. More than that if everybody is connecting to unauthorized
proxy then there is no meaning for squid ACL.
Squid log doesn't show the ip address of those 10 users who is connecting to
authorized users PC.
regards
rajeev
----- Original Message -----
From: "Alex Rousskov" <rousskov@measurement-factory.com>
To: "H M Rajeev" <hmrajeev@ybil.com>
Cc: <squid-users@squid-cache.org>
Sent: Wednesday, March 06, 2002 11:20 AM
Subject: Re: [squid-users] Bypassing squid proxy
> On Wed, 6 Mar 2002, H M Rajeev wrote:
>
> > we use squid as proxy server and all the users are connecting to
> > squid for browsing. ACL is configured based on System IP address.
> > But we have found that some users are installed free proxy
> > software in their system(ACL is configured to allow these users)
> > and allowing other users( who don't have access directly from
> > squid) to browse the net, so,bypassing the squid, which is causing
> > the havoc.
> >
> > Is there any solution for this?
>
> I doubt there is a simple technical solution. If you introduce
> password-based authentication, then authorized users can configure
> their unauthorized proxies to send their credentials. If you start
> filtering based on some HTTP headers that unauthorized proxies send,
> then some users will disable those in their proxies. Etc.
>
> Perhaps you should look at the core problem instead. That is, what
> exactly is "havoc"? Is it unauthorized access per se? Or is it
> increased bandwidth usage? If the real problem is bandwidth-related,
> you can try introducing bandwidth limits.
>
> Also, depending on your network, it may be possible to prevent those
> unauthorized users to connect to unauthorized proxies (i.e., to
> authorized users' PCs).
>
> Alex.
Received on Wed Mar 06 2002 - 00:18:11 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:43 MST