In my squid installation I use an IPtables based firewall to stop all traffic from the end user subnets from flowing to the internet. Servers are able to communicate to update things like NTP and DNS but clients get their NTP and DNS for internal sources only. Only the squid server is allowed to communicate with the internet and since it has authenication (as has been suggested by others) no one who doesn't have a username and password can browse the internet without authorization. It has the added bonus of limiting the internet traffic to things that are truly necessary since applications can't phone home (especially nice for things like trojans) and things like DNS queries are cached. Since only squid can communicate with the internet changing proxy servers or trying to tunnel out has no effect since the traffic is simply denied. Luke Taylor On Thu, Apr 10, 2008 at 2:42 AM, Anil Saini <anil.pilani@xxxxxxxxx> wrote: > > > how to stop anonymous browsing > > we have huge collection of web-proxies to bybass acl blocked list > Is thr any sol to block them all without making list of them. > > -- > View this message in context: http://www.nabble.com/stop-anonymous-browsing-tp16603009p16603009.html > Sent from the Squid - Users mailing list archive at Nabble.com. > >
