On Tue, 19 Apr 2005, Funieru Bogdan wrote:
hello guys, i have a rather BIG problem,i want to know if there is,and if there is what it is,to not allow others to forward the proxy to other computers.
I think you are asking if there is means to stop people from running child proxies inside your network.
Not easily. Some of these make a pretty good job of not revealing themselves in the requests. However if the proxy follows the RFC you should be able to look for a Via:, X-Forwarded-For: or other proxy generated request header line. But not all proxies adds these request headers.
Authentication can also be relatively efficient in fighting this, but you should be aware there is proxies which allow the authentication credentials to be statically configured to defeat this..
The final option is to run statistics, and look closely at the traffic from suspected users (preferably with the User-Agent header preserved) to judge if this traffic is reasonably from one person or if there is many persons behind this IP.
Regards Henrik
