You could enforce proxy-pac file via global policy, or depending on your network equipment, you may be able to do policy-based routing (route by port) and/or even wccp...there are a several ways to get squid inbetween your users and their http traffic that I would recommend exploring before doing transparent-mode anything. ________________________________ From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Sat 11/15/2008 3:32 AM To: James Byrne Cc: qqq1one@xxxxxxxxx; squid-users@xxxxxxxxxxxxxxx Subject: Re: very basic question on enforcing use of proxy James Byrne wrote: > you can use a firewall or you can put squid in transparent mode, and set > up a transparent proxy. Which requires a firewall, and additionally requires NAT for the interception. Yes, a firewall is the only way to prevent clients doing what they like when connecting externally. Regardless of the connection type. Amos > > > On Nov 14, 2008, at 9:58 PM, qqq1one @yahoo.com wrote: > >> Hi, >> >> I have a very basic question. I don't even know what to search on for >> this question. I have squid installed and running, but my browser can >> freely get out to the internet without going through the proxy. I >> know about specifying the proxy in the browser, but what prevents an >> unconfigured browser from going straight out to the internet? Is a >> firewall the only way to prevent this? >> >> Thanks in advance. >> >> >> >> > -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2
