  1. #1
    Just Joined!
    Join Date
    May 2010
    Posts
    2

    Restrict users from bypassing squid proxy

    Hello,

    I am not sure whether it's possible or not. We are running a squid proxy server for our office. We restrict users using ACLs to access the internet. There are some who do the following:

    1. Create their own proxy on their box, which has internet access.
    2. Other users use those boxes as a proxy and access the internet.

    Is it possible to restrict it?

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    A simple way to do this is to set up the firewall to only allow internet traffic that is coming from the proxy's IP address. If the connection is not coming from the proxy's IP address, the packets get rejected/dropped.

    Now, after that is done, you could set up the firewall to redirect the connection to the proxy and then let the proxy re-submit the requests, thus forcing everyone to use the proxy.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    May 2010
    Posts
    2
    Hi Robert

    Thanks for the reply. Can you please give me any guidelines or docs regarding this? Any step-by-step guideline will be helpful for me.

    Regards,
    Neo

  4. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    Simple, the following rule should take care of this for you.

    Code:
    iptables -t nat -A PREROUTING -i <LAN> -p tcp -m multiport --dports 80,443 ! -s <PROXY> -j DNAT --to-destination <PROXY>
    Replace the following in the above:

    <LAN> = LAN interface
    <PROXY> = Proxy server's IP address

    Your mileage may vary as I do not know how you have your network set up.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
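The first step described in post #2 (only the proxy's address may send web traffic out, everything else is rejected) has no rule in the thread, so here is one way to write it, as an added example that is not part of the original posts. It assumes the firewall is the gateway that forwards LAN traffic; the chain name `PROXY_ONLY`, the log prefix, the rate limit, and the sample interface and address are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands; nothing is
# applied unless the output is piped to a root shell.
# Assumptions: chain name PROXY_ONLY, log prefix and rate limit are made up.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# proxy_only_rules LAN_IF PROXY_IP
# Web traffic entering on LAN_IF is sent through PROXY_ONLY: the proxy's
# packets RETURN to the normal FORWARD rules, everything else is logged
# (rate limited) and answered with a TCP reset.
proxy_only_rules() {
    lan_if=$1 proxy_ip=$2 chain=PROXY_ONLY
    case "$lan_if" in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$proxy_ip" || { echo "bad proxy address: $proxy_ip" >&2; return 1; }
    web="-p tcp -m multiport --dports 80,443"
    jump="FORWARD -i $lan_if $web -j $chain"
    cat <<EOF
iptables -N $chain 2>/dev/null || iptables -F $chain
iptables -A $chain -s $proxy_ip -j RETURN
iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix "proxy-bypass: "
iptables -A $chain -p tcp -j REJECT --reject-with tcp-reset
iptables -C $jump 2>/dev/null || iptables -I $jump
EOF
}

# Dry run with constructed sample values: sh proxy_only.sh eth1 192.168.1.10
if [ "$#" -ge 2 ]; then
    proxy_only_rules "$1" "$2"
fi
```

These rules only see traffic the gateway forwards. Connections from one LAN host to a relay running on another LAN host never cross it, so that case has to be handled on the proxy or on the workstation itself.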
