Asalamualikum,
i am using transparent proxy but one of my client is using external proxy addresses in his browser to bypass my proxy server which is also the gateway as required i get the following line in response
1171684374.733 524 192.168.0.44 TCP_MISS/200 1264 GET http://www.acclaimimages.com/acclaim_style.
css - DIRECT/67.15.4.226 text/css
67.15.4.226 this is the address he is using but as much as i know if i block this he has a list of online proxy addresses how to block this please advise. I want strict no access to the external world from my clients.
Best regds
mushtaq
squid bypassing
squid bypassing
Life is just a deception from truth
-
- Subedar
- Posts: 355
- Joined: Sat May 07, 2005 11:54 am
- Location: Lahore
- Contact:
he is not bypassing
this is access.log entry
this is access.log entry
Regards
Rana Tanveer
+923224194457
Linux Student
For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
Rana Tanveer
+923224194457
Linux Student
For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
-
- Subedar
- Posts: 355
- Joined: Sat May 07, 2005 11:54 am
- Location: Lahore
- Contact:
and if you wish to stop bypassing,
use iptables default drop policy and open up particular ports
use iptables default drop policy and open up particular ports
Regards
Rana Tanveer
+923224194457
Linux Student
For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
Rana Tanveer
+923224194457
Linux Student
For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear mushtaq,
Salam,
I believe you can restrict users to stick only with your proxy by using iptables.
# iptables -t nat -A PREROUTING -p tcp --dport 3128 -j DNAT --to 192.168.0.1:8080
# iptables -t nat -A PREROUTING -s 192.168.0.1/24 -p tcp --dport 8080 -j DNAT --to 192.168.0.1:8080
# iptables -t nat -A PREROUTING -s 192.168.0.1/24 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080
Best Regards.
Salam,
I believe you can restrict users to stick only with your proxy by using iptables.
# iptables -t nat -A PREROUTING -p tcp --dport 3128 -j DNAT --to 192.168.0.1:8080
# iptables -t nat -A PREROUTING -s 192.168.0.1/24 -p tcp --dport 8080 -j DNAT --to 192.168.0.1:8080
# iptables -t nat -A PREROUTING -s 192.168.0.1/24 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080
Best Regards.
Farrukh Ahmed