Search squid archive

Re: stop anonymous browsing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



jeff donovan wrote:

On Apr 10, 2008, at 11:51 PM, ekul taylor wrote:

In my squid installation I use an IPtables based firewall to stop all
traffic from the end user subnets from flowing to the internet.
Servers are able to communicate to update things like NTP and DNS but
clients get their NTP and DNS for internal sources only.  Only the
squid server is allowed to communicate with the internet and since it
has authenication (as has been suggested by others) no one who doesn't
have a username and password can browse the internet without
authorization.  It has the added bonus of limiting the internet
traffic to things that are truly necessary since applications can't
phone home (especially nice for things like trojans) and things like
DNS queries are cached.  Since only squid can communicate with the
internet changing proxy servers or trying to tunnel out has no effect
since the traffic is simply denied.

Luke Taylor

Hi Luke,
sorry jumping thread.

i have the same setup you have however not the Authentication , how does the authentication stop a client from accessing easyunblocker.com, or the various dns name changes that happen everyday ?

Ah, I think you misunderstand.
The authentication is for users to use the squid in the first place. If they don't have credentials against squid they don't get _any_ access.

Its a nice backer to other blocking methods. Making sure the user is either present and wanting web access, or knows any automatic apps enough to configure with their user/pass.

Amos


current i running squid guard to handle blocks. regex and blacklists. regex works pretty good but has holes.

keeping current seems to be the biggest pain in the butt.
-j




On Thu, Apr 10, 2008 at 2:42 AM, Anil Saini <anil.pilani@xxxxxxxxx> wrote:


how to stop anonymous browsing

we have huge collection of  web-proxies to bybass acl blocked list
Is thr any sol to block them all without making list of them.

--
View this message in context: http://www.nabble.com/stop-anonymous-browsing-tp16603009p16603009.html
Sent from the Squid - Users mailing list archive at Nabble.com.






--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux