We do it with a firewall. Only the proxy server can send requests
destined for http ports through the firewall. If you try to bypass it,
you get denied; if you go through the proxy, all is well.
Mike
On Fri, Jan 24, 2003 at 10:58:07AM -0600, Bob Avery-Babel wrote:
> Yep. Transparent Proxy.
>
> However, if you can't use or don't want to use transparent proxy then it
> becomes a little more complicated.
>
> You can somehow lock down the user workstations so they can't switch off the
> proxy. Maybe someone else can talk about setting up login scripts that would
> do something like that (reset it to the proxy settings even if it was
> switched off)
>
> Or you configure your final gateway machine to only accept requests from the
> proxy server IP. :-) That would be another "transparent" way to do it.
>
> Bob
>
>
> ----- Original Message -----
> From: "Gavin Hamill" <gdh@acentral.co.uk>
> To: <squid-users@squid-cache.org>
> Sent: Friday, January 24, 2003 10:47 AM
> Subject: Re: [squid-users] forcing users to access Squid ...
>
>
> > On Friday 24 January 2003 4:41 pm, Kenn Murrah wrote:
> >
> > > Is there any way to ensure that the proxy is not being bypassed? In other
> > > words, the proxy has an IP of 192.168.100.100, which logs the traffic and
> > > directs it to the gateway (192.168.100.41) ... is there any possible way to
> > > keep an enterprising user from discovering the gateway address and
> > > accessing it directly, bypassing squid?
> >
> > Certainly, read the FAQ :)
> >
> > http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
> >
> > This is usually called 'transparent proxy.'
> >
> > gdh
> >
>
-- Mike Bender Raytheon - Marlboro System Administration benderm@raytheon.com 508.490.2849 pager: 508.722.0319

Received on Fri Jan 24 2003 - 10:50:26 MST
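
The firewall approach described in this thread, as an added example that is not part of any poster's message: a small audit that replays new connections against a gateway's FORWARD chain and lists any workstation that can still reach web ports without the proxy. It assumes a Linux/iptables gateway (the thread names no firewall product); the rule text, ports 80 and 443, and the workstation address 192.168.100.57 are constructed, and only the proxy address comes from the thread.

```python
import ipaddress

# Constructed iptables-save excerpts (assumed Linux/iptables gateway).
# 192.168.100.100 is the proxy from the thread; ports 80,443 are assumed.
HEAD = "*filter\n:FORWARD DROP [0:0]\n-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n"
LAN_OUT = "-A FORWARD -s 192.168.100.0/24 -j ACCEPT\nCOMMIT\n"
WEAK = HEAD + LAN_OUT  # any workstation may route web traffic via the gateway
LOCKED = (HEAD
    + "-A FORWARD -s 192.168.100.100/32 -p tcp -m multiport --dports 80,443 -j ACCEPT\n"
    + "-A FORWARD -s 192.168.100.0/24 -p tcp -m multiport --dports 80,443 -j REJECT\n"
    + LAN_OUT)

def parse_forward(ruleset):
    """Return (default policy, rules) for FORWARD; each rule is a flag->value dict.
    Handles plain flag/value pairs only (no '!' negation, no port ranges)."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith(":FORWARD"):
            policy = tok[1]
        elif tok[:2] == ["-A", "FORWARD"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def verdict(ruleset, src, dport, proto="tcp"):
    """First-match verdict for a NEW connection forwarded from src to dport."""
    policy, rules = parse_forward(ruleset)
    for r in rules:
        if "--state" in r and "NEW" not in r["--state"].split(","):
            continue  # rule only covers already-established flows
        if "-s" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["-s"]):
            continue
        if "-p" in r and r["-p"] != proto:
            continue
        ports = r.get("--dports") or r.get("--dport")
        if ports and str(dport) not in ports.split(","):
            continue
        return r["-j"]
    return policy

def bypass_paths(ruleset, proxy, clients, ports=(80, 443)):
    """(client, port) pairs that reach the web directly, skipping the proxy."""
    if any(verdict(ruleset, proxy, p) != "ACCEPT" for p in ports):
        raise ValueError("proxy itself is blocked; rule order is wrong")
    return [(c, p) for c in clients for p in ports
            if verdict(ruleset, c, p) == "ACCEPT"]

if __name__ == "__main__":
    for name, rs in (("WEAK", WEAK), ("LOCKED", LOCKED)):
        print(name, bypass_paths(rs, "192.168.100.100", ["192.168.100.57"]))
```

The proxy's accept rule has to sit above the subnet-wide reject, because the first matching rule decides the verdict.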