On Apr 10, 2008, at 11:51 PM, ekul taylor wrote:
In my squid installation I use an IPtables based firewall to stop all
traffic from the end user subnets from flowing to the internet.
Servers are able to communicate to update things like NTP and DNS but
clients get their NTP and DNS for internal sources only. Only the
squid server is allowed to communicate with the internet and since it
has authenication (as has been suggested by others) no one who doesn't
have a username and password can browse the internet without
authorization. It has the added bonus of limiting the internet
traffic to things that are truly necessary since applications can't
phone home (especially nice for things like trojans) and things like
DNS queries are cached. Since only squid can communicate with the
internet changing proxy servers or trying to tunnel out has no effect
since the traffic is simply denied.
Luke Taylor
Hi Luke,
sorry jumping thread.
i have the same setup you have however not the Authentication , how
does the authentication stop a client from accessing
easyunblocker.com, or the various dns name changes that happen
everyday ?
current i running squid guard to handle blocks. regex and blacklists.
regex works pretty good but has holes.
keeping current seems to be the biggest pain in the butt.
-j
On Thu, Apr 10, 2008 at 2:42 AM, Anil Saini <[EMAIL PROTECTED]>
wrote:
how to stop anonymous browsing
we have huge collection of web-proxies to bybass acl blocked list
Is thr any sol to block them all without making list of them.
--
View this message in context:
http://www.nabble.com/stop-anonymous-browsing-tp16603009p16603009.html
Sent from the Squid - Users mailing list archive at Nabble.com.
