is squid is simple to hack like this...????? all need attention.......

[manu.]

overriding squid block

hai to all,
in the recent days in my office we configured a proxyblocking for sites such as facebook&orcut . for a few days it was gone fine, but then we find someone still using these blocked sites.after a detailed look we find out the simple trick those people used.
ie they simply add facebook.com in the proxy configuration of firefox browser located under edit>preference>advanced>network>settings>manual proxy
and it look like

no proxy for :127.0.0.1,facebook.com
it simply connected to face book.com

my squid configuration is just by creating a blocklist.acl file and put the
needed entries there
what i have to do to solve this issue?
expecting your valuable replies soon....

[Irithori]

You could block destination ports 80 and 443 on your gateway for the client machines.
You probably dont want to block all machines, as you would need these ports also for server updates, etc.

And I canīt see how knowing how a proxy works qualifies as "hacking"

Of course, if there is a way out -even if only over the proxy- then a skilled guy can always build his own tunnel and get access again.
openssh and openvpn come to mind.
How many of your users would know about tunneling?

[manu.]

dear sir,
first thanks for your quick reply,and i feel sorry for my foolish assumptions (hacking ). but sir, still my problem is unsolved. sir i does'nt need to block net access to those users (facebook users) but only to prevent their access to blocked sites