squid bypassing

Post by mushtaq » Thu Feb 22, 2007 7:47 pm

Asalamualikum,

I am using a transparent proxy, but one of my clients is using external proxy addresses in his browser to bypass my proxy server, which is also the gateway. As required, I get the following line in response:

1171684374.733 524 192.168.0.44 TCP_MISS/200 1264 GET http://www.acclaimimages.com/acclaim_style.css - DIRECT/67.15.4.226 text/css

67.15.4.226 is the address he is using, but as far as I know, if I block this he has a list of online proxy addresses. How do I block this? Please advise. I want strictly no access to the external world from my clients.

Best regards
mushtaq

Post by ranatanveer » Fri Feb 23, 2007 10:50 am

He is not bypassing.
This is an access.log entry.
Regards

Rana Tanveer

Post by ranatanveer » Fri Feb 23, 2007 10:52 am

And if you wish to stop bypassing,
use an iptables default drop policy and open up particular ports.
Regards

Rana Tanveer

Post by LinuxFreaK » Fri Feb 23, 2007 11:02 am

Dear mushtaq,
Salam,

I believe you can restrict users to stick only with your proxy by using iptables.

# iptables -t nat -A PREROUTING -p tcp --dport 3128 -j DNAT --to 192.168.0.1:8080
# iptables -t nat -A PREROUTING -s 192.168.0.1/24 -p tcp --dport 8080 -j DNAT --to 192.168.0.1:8080
# iptables -t nat -A PREROUTING -s 192.168.0.1/24 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080


Best Regards.
Farrukh Ahmed
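
The two suggestions in the replies above (send web and proxy ports to Squid, default-drop everything else that is forwarded) combined into one rule set, as an added example that is not code from the thread. The interface names eth0/eth1 and the ALLOW_TCP port list are assumptions; the subnet and Squid port 8080 are taken from the posted rules.

```shell
#!/bin/sh
# Added example, not from the thread: redirect web/proxy ports to Squid and
# drop all other forwarded traffic. Interface names and ALLOW_TCP are assumptions.
LAN_IF="${LAN_IF:-eth1}"              # assumed LAN-facing interface
WAN_IF="${WAN_IF:-eth0}"              # assumed Internet-facing interface
LAN_NET="${LAN_NET:-192.168.0.0/24}"  # client subnet used in the thread
SQUID_PORT="${SQUID_PORT:-8080}"      # Squid port used in the thread's DNAT rules
PROXY_PORTS="${PROXY_PORTS:-80,3128,8080}"  # ports the thread redirects
ALLOW_TCP="${ALLOW_TCP:-25 110}"      # constructed sample of "particular ports"

# Print the rule set, one command per line, without touching the firewall.
# Assumes the FORWARD chain and the nat PREROUTING chain start out empty.
build_rules() {
    # 1. Anything a client sends to a web or common proxy port lands on Squid.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp" \
         "-m multiport --dports $PROXY_PORTS -j REDIRECT --to-ports $SQUID_PORT"
    # 2. Replies to connections that were already allowed may pass.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 3. Open only the listed ports for new client connections.
    for port in $ALLOW_TCP; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp" \
             "--dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # 4. Log what is about to be dropped (rate-limited), so attempts to reach
    #    outside proxies on other ports show up in the kernel log.
    echo "iptables -A FORWARD -i $LAN_IF -m limit --limit 6/min" \
         "-j LOG --log-prefix 'FWD-DROP '"
    # 5. Default policy: everything not accepted above is dropped.
    echo "iptables -P FORWARD DROP"
}

# Default is a dry run that only prints; APPLY=1 (as root) executes the rules.
if [ "${APPLY:-0}" = 1 ]; then
    build_rules | sh -e
else
    build_rules
fi
```

Redirected packets are delivered to the gateway's INPUT chain, so the FORWARD policy does not affect traffic going through Squid. Forwarded UDP is dropped as well, so clients must use the gateway itself for DNS.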

