  1. #1
    Just Joined!
    Join Date
    Aug 2009
    Posts
    7

    squiiiid heeeeelp!!!

    Hello,
    I've recently installed Squid on my server machine, and I typed the following configuration in /etc/squid/squid.conf:

    http_port 8080
    acl my-iplist-1 src 192.168.1.0/24
    acl localhost src 127.0.0.1/255.255.255.255
    acl manager proto cache_object
    acl all src 0.0.0.0/0.0.0.0
    http_access allow my-iplist-1 manager localhost
    icp_access allow my-iplist-1
    http_access deny all

    But every client still has access to the internet even if its browser is configured not to use any proxy!!!

    How can I force my clients to configure their browsers to send requests to my proxy?

    I don't want to configure a transparent proxy, I just wanna block any access to the internet that doesn't go via Squid.
    Any idea?

  2. #2
    Just Joined!
    Join Date
    May 2006
    Location
    San Jose, CA
    Posts
    67
    I think you can manage that through a firewall. I am not sure about the exact rules for iptables that would accomplish that, but I am sure if you look around you can find some.

    Another thing you could do is, rather than forcing them, you can ask them nicely to configure their browsers to use the said proxy. That might work.

  3. #3
    Just Joined!
    Join Date
    Aug 2009
    Location
    Mumbai, India
    Posts
    75
    Hi,

    IMHO your post lacks some details, perhaps, to help understand the setup... but anyway, going by what you have mentioned in your post, there is an alternate way available in your network for clients to reach the internet. In plain terms, I assume there is a firewall rule which NATs the traffic from the local network destined for the internet. You'll at least need to block traffic to ports 80 and 443 on the firewall. Just configuring Squid won't give you the desired effect unless the browsers on the clients have proxy settings configured.

    Assuming the same system on which you've configured squid, was earlier the gateway / firewall for internet access, you could block port 80, 443

    iptables -I FORWARD -s 192.168.1.0/24 -p tcp -m multiport --dport 80,443 -j DROP

    If you're not using iptables or you have a different firewall appliance, you'll need to use a similar rule as above on the device. Then configure proxy settings in the browsers, since you are not using a transparent proxy. Hope this helps...

    -- Syd
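
The approach from the last reply, as an added example that is not part of the original thread: a script that emits the gateway rules and checks `iptables -S FORWARD` output for the direct-web block. It assumes the Squid host is also the LAN gateway; the function names, the UDP 443 rule (HTTP/3 uses UDP, which the TCP rule does not cover) and the sample output are additions made here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Squid host is the LAN gateway.
LAN_NET="192.168.1.0/24"   # my-iplist-1 in the posted squid.conf
PROXY_PORT=8080            # http_port in the posted squid.conf

# Print iptables arguments, one rule per line, without touching the firewall.
emit_rules() {
    # Clients talk to Squid on the gateway itself, so this is INPUT, not FORWARD.
    echo "-I INPUT -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT"
    # The rule from the thread: no directly routed web traffic for the LAN.
    echo "-I FORWARD -s $LAN_NET -p tcp -m multiport --dports 80,443 -j DROP"
    # HTTP/3 (QUIC) runs over UDP 443 and would slip past the TCP rule.
    echo "-I FORWARD -s $LAN_NET -p udp --dport 443 -j DROP"
}
# Squid's own upstream requests leave through OUTPUT, so the FORWARD drops
# do not stop the proxy from fetching pages.

# Read `iptables -S FORWARD` output on stdin. Succeeds only if DROP/REJECT
# rules for LAN_NET cover both TCP 80 and TCP 443.
forward_blocks_web() {
    rules=$(grep -F -- "-s $LAN_NET " | grep -E -- "-p tcp .*-j (DROP|REJECT)") || return 1
    for port in 80 443; do
        echo "$rules" | grep -Eq -- "--dports? ([0-9:]+,)*$port(,[0-9:]+)*( |$)" || return 1
    done
}

# Constructed sample of `iptables -S FORWARD` output after the rules are applied.
SAMPLE='-P FORWARD ACCEPT
-A FORWARD -s 192.168.1.0/24 -p udp -m udp --dport 443 -j DROP
-A FORWARD -s 192.168.1.0/24 -p tcp -m multiport --dports 80,443 -j DROP'

if [ "${1:-}" = "--apply" ]; then
    # Needs root. Each line becomes one iptables invocation.
    emit_rules | while read -r rule; do iptables $rule; done
    iptables -S FORWARD | forward_blocks_web && echo "direct web access is blocked"
else
    # Dry run: show the rules and run the check against the constructed sample.
    emit_rules
    printf '%s\n' "$SAMPLE" | forward_blocks_web && echo "sample ruleset blocks direct web access"
fi
```

Run without arguments it only prints the rules; `--apply` inserts them. Rules added this way are not persistent across reboots unless saved with the distribution's own mechanism.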
