Jason,

I think trying to lock down Mozilla is a difficult thing.  Once you lock 
it down, the user will find Konqueror or Galeon or some other browser 
and you'll be chasing that problem forever.

I think Kai's suggestion of using an iptables rule to limit access to 
port 80 to ONLY the squid user-id is what you'd want.

That way, you can set up a transparent squid proxy so that ALL browser 
port 80 traffic gets redirected to the squid proxy.

Jim McQuillan
[EMAIL PROTECTED]



On Fri, 30 Apr 2004, Jason Young wrote:

> Guys,
> 
> Just one last thing.  With the Squid-based solution that would seem to
> work, but requires configuration of proxy settings on the browser, would
> performing a chown & chmod of the user's "prefs.js" file in their
> mozilla folders with a script, rendering it non-writable by the users
> work?  I'm admittedly no more than a power-user when it comes to Linux,
> so I don't know what the possible ramifications of this approach would
> be, but I tried it on a machine at home & it appeared to work.
> 
> - Jason
> 
>  
> On Thu, 2004-04-29 at 23:54, [EMAIL PROTECTED] wrote:
> > On Thu, 29 Apr 2004, Jason Young wrote:
> > 
> > > Jim,
> > > 
> > > I might be mistaken, but couldn't Varun apply any needed filters on
> > > Shorewall to achieve this; for instance, applying an accept rule on port
> > > 80 for the IP address of his local Web server while denying all other
> > > destination IPs?
> > 
> > Well, we should probably get Varun back into this conversation, but I 
> > think he wants some users to get internet access via his squid cache, 
> > while he wants other users to NOT be able to run mozilla to get outside 
> > web pages.
> > 
> > if both Squid and Mozilla are running on the same box, how do you allow 
> > Squid to get  outside web pages, while NOT allowing Mozilla ?
> > 
> > You can configure Mozilla to go to the squid cache, but a smart user 
> > will figure out how to re-configure mozilla to get around the squid 
> > proxy.
> > 
> > Ultimately, I think he needs to run squid on a different machine.  Then, 
> > his firewall could block port 80 access from the LTSP server, but allow 
> > port 80 access from the squid server.
> > 
> > Then, he could use squid rules to allow/deny internal machines from 
> > accessing external web sites.
> > 
> > Jim.
> > 
> > 
> > 
> > 
> > > 
> > > - Jason
> > > 
> > > 
> > > On Thu, 2004-04-29 at 22:25, [EMAIL PROTECTED] wrote:
> > > > I'm thinking that Varun needs his users to have browser access to pages 
> > > > on the local server, but he doesn't want them browsing the internet.
> > > > 
> > > > So far, nobody has addressed that problem.
> > > > 
> > > > Jim McQuillan
> > > > [EMAIL PROTECTED]
> > > > 
> > > > 
> > > > On Thu, 29 Apr 2004, Jim Glutting wrote:
> > > > 
> > > > > Hi Varun,
> > > > >        If you use a window manager like icewm, there are no icons
> > > > > on the desktop.  All programs are launched from the Start menu
> > > > > or the taskbar.  You control what goes on the Start menu thru a
> > > > > text file, and only put the references to programs that you want
> > > > > them to have.  So if you don't put a browser on the menu, they
> > > > > cannot run an internet browser.
> > > > > 
> > > > > Hope that helps
> > > > > JAG
> > > > > 
> > > > > Varun wrote:
> > > > > 
> > > > > > Hello,
> > > > > >        I want to put my ltsp4 server and squid proxy server
> > > > > > on the same machine.
> > > > > > I want internet access only for non ltsp clients.
> > > > > > I want no ltsp clients to have internet access.
> > > > > > Is there any config available in ltsp ?
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Varun
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market... Oracle 
> > > > > > 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. 
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _____________________________________________________________________
> > > > > > Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
> > > > > >      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> > > > > > For additional LTSP help,   try #ltsp channel on irc.freenode.net
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > 
> > > > 
> > > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> 
> 
> 
> 
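
The setup Jim describes at the top of this message (outbound port 80 limited to the squid user-id, all other port 80 traffic redirected to a transparent proxy), written out as an added example that is not part of the original thread. The account name `squid`, the listener port 3128 and the function name `squid_only_rules` are assumptions; the owner match applies here because LTSP users' browsers run on the server itself, so their traffic is locally generated.

```shell
#!/bin/sh
# Added example: emit iptables-restore input that lets only the Squid account
# make outbound port-80 connections from the LTSP server and redirects every
# other local user's port-80 traffic to the local Squid listener.
# Assumptions (not from the thread): account "squid", listener port 3128.

squid_only_rules() {
    user=$1 port=$2
    # Refuse anything that is not a plain account name/uid and a valid port.
    case $user in ''|*[!A-Za-z0-9_-]*) echo "bad user" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    cat <<EOF
*nat
# Pages served by this machine itself stay reachable directly.
-A OUTPUT -p tcp --dport 80 -m addrtype --dst-type LOCAL -j RETURN
# Everything not sent by Squid goes to the proxy; Squid is exempt so that
# its own fetches do not loop back into itself.
-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $user -j REDIRECT --to-ports $port
COMMIT
*filter
-A OUTPUT -p tcp --dport 80 -m addrtype --dst-type LOCAL -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner $user -j ACCEPT
# Backstop: if the redirect is ever missing, direct port-80 access still fails.
-A OUTPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Print the rules for review by default; load them only when APPLY=1 (needs root).
rules=$(squid_only_rules "${SQUID_USER:-squid}" "${SQUID_PORT:-3128}") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | iptables-restore --noflush
else
    printf '%s\n' "$rules"
fi
```

Squid itself has to be configured to accept intercepted connections on that port. Only port 80 is handled, as in the thread, so any other port a browser can reach needs its own policy.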


