Re: [squid-users] stop anonymous browsing
If you are serious about blocking proxies and ssh/vpn tunnels, you have 20 or so options and they are all commercial. -Marcus Anil Saini wrote: how to stop anonymous browsing we have huge collection of web-proxies to bybass acl blocked list Is thr any sol to block them all without making list of them.
Re: [squid-users] stop anonymous browsing
You should choose one of the several validation option than offers by Squid (LDAP,ADS,SAMBA,NTLM local users, etc.) If you have many proxys I suggest try to integrate them with your actual user validation repository --- Anil Saini <[EMAIL PROTECTED]> wrote: > > > how to stop anonymous browsing > > we have huge collection of web-proxies to bybass > acl blocked list > Is thr any sol to block them all without making list > of them. > > -- > View this message in context: > http://www.nabble.com/stop-anonymous-browsing-tp16603009p16603009.html > Sent from the Squid - Users mailing list archive at > Nabble.com. > > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] stop anonymous browsing
Anil Saini wrote: how to stop anonymous browsing we have huge collection of web-proxies to bybass acl blocked list Is thr any sol to block them all without making list of them. Post and enforce an Acceptable Use Policy forbidding bypassing the local proxy, or use white lists of allowed sites and a very restrictive firewall. Chris
Re: [squid-users] stop anonymous browsing
In my squid installation I use an IPtables based firewall to stop all traffic from the end user subnets from flowing to the internet. Servers are able to communicate to update things like NTP and DNS but clients get their NTP and DNS for internal sources only. Only the squid server is allowed to communicate with the internet and since it has authenication (as has been suggested by others) no one who doesn't have a username and password can browse the internet without authorization. It has the added bonus of limiting the internet traffic to things that are truly necessary since applications can't phone home (especially nice for things like trojans) and things like DNS queries are cached. Since only squid can communicate with the internet changing proxy servers or trying to tunnel out has no effect since the traffic is simply denied. Luke Taylor On Thu, Apr 10, 2008 at 2:42 AM, Anil Saini <[EMAIL PROTECTED]> wrote: > > > how to stop anonymous browsing > > we have huge collection of web-proxies to bybass acl blocked list > Is thr any sol to block them all without making list of them. > > -- > View this message in context: > http://www.nabble.com/stop-anonymous-browsing-tp16603009p16603009.html > Sent from the Squid - Users mailing list archive at Nabble.com. > >
Re: [squid-users] stop anonymous browsing
On Apr 10, 2008, at 11:51 PM, ekul taylor wrote: In my squid installation I use an IPtables based firewall to stop all traffic from the end user subnets from flowing to the internet. Servers are able to communicate to update things like NTP and DNS but clients get their NTP and DNS for internal sources only. Only the squid server is allowed to communicate with the internet and since it has authenication (as has been suggested by others) no one who doesn't have a username and password can browse the internet without authorization. It has the added bonus of limiting the internet traffic to things that are truly necessary since applications can't phone home (especially nice for things like trojans) and things like DNS queries are cached. Since only squid can communicate with the internet changing proxy servers or trying to tunnel out has no effect since the traffic is simply denied. Luke Taylor Hi Luke, sorry jumping thread. i have the same setup you have however not the Authentication , how does the authentication stop a client from accessing easyunblocker.com, or the various dns name changes that happen everyday ? current i running squid guard to handle blocks. regex and blacklists. regex works pretty good but has holes. keeping current seems to be the biggest pain in the butt. -j On Thu, Apr 10, 2008 at 2:42 AM, Anil Saini <[EMAIL PROTECTED]> wrote: how to stop anonymous browsing we have huge collection of web-proxies to bybass acl blocked list Is thr any sol to block them all without making list of them. -- View this message in context: http://www.nabble.com/stop-anonymous-browsing-tp16603009p16603009.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] stop anonymous browsing
jeff donovan wrote: On Apr 10, 2008, at 11:51 PM, ekul taylor wrote: In my squid installation I use an IPtables based firewall to stop all traffic from the end user subnets from flowing to the internet. Servers are able to communicate to update things like NTP and DNS but clients get their NTP and DNS for internal sources only. Only the squid server is allowed to communicate with the internet and since it has authenication (as has been suggested by others) no one who doesn't have a username and password can browse the internet without authorization. It has the added bonus of limiting the internet traffic to things that are truly necessary since applications can't phone home (especially nice for things like trojans) and things like DNS queries are cached. Since only squid can communicate with the internet changing proxy servers or trying to tunnel out has no effect since the traffic is simply denied. Luke Taylor Hi Luke, sorry jumping thread. i have the same setup you have however not the Authentication , how does the authentication stop a client from accessing easyunblocker.com, or the various dns name changes that happen everyday ? Ah, I think you misunderstand. The authentication is for users to use the squid in the first place. If they don't have credentials against squid they don't get _any_ access. Its a nice backer to other blocking methods. Making sure the user is either present and wanting web access, or knows any automatic apps enough to configure with their user/pass. Amos current i running squid guard to handle blocks. regex and blacklists. regex works pretty good but has holes. keeping current seems to be the biggest pain in the butt. -j On Thu, Apr 10, 2008 at 2:42 AM, Anil Saini <[EMAIL PROTECTED]> wrote: how to stop anonymous browsing we have huge collection of web-proxies to bybass acl blocked list Is thr any sol to block them all without making list of them. -- View this message in context: http://www.nabble.com/stop-anonymous-browsing-tp16603009p16603009.html Sent from the Squid - Users mailing list archive at Nabble.com. -- Please use Squid 2.6.STABLE19 or 3.0.STABLE4