On Wed, 28 Apr 2004, Mr. S M Thakor wrote: > I want to put access control on user's browsers. Can squid accept > requests only from Internet Explorer, Netscape Navigator and Opena ?
Yes, as long as the user is not lying about what browser he is using. Se the browser acl. > If a user allowed to use squid proxy installs on client PC a proxy > server like analogue-x, proxyi, winproxy or naviscope, his request > should be rejected. This is harder. If the proxy used kindly enough adds information about the proxy to the request headers it is possible, but there is no guarantee the proxy will do so, and as soon as you start doing this kind of access controls your users will start looking for ways around it.. Best way is to use authentication. This way the user must share hist login+password to make it possible for others to use the proxy, but even this is not foolprof as a) The user may willingly give away hist login+password b) Some proxies (Squid included) allow configuring of a login+password to use in forwarded requests > My organisation has strict regulation on internet > access. I am providing internet access based on MAC address od client pc > ( --enable-arp-acl) for allowed URLs. And what you are looking for is best addressed by having an enforceable polixy. The proxy can only help you to in best case detect when people attempt to bypass the regulations, but without having support in those regulations for actions truly noticeable to the responsible end-user you will be fighting in vein as each measure you take to enforce the regulation will soon be bypassed by your users if they are intent on it. Regards Henrik
