
How to Stop bypassing Proxy server?

Anonymous
May 31, 2004 1:55:06 AM

Archived from groups: comp.security.firewalls (More info?)

Some of the users at my location are accessing the Internet by
bypassing the in-house proxy server. They are just typing the upstream
proxy server IP address and port number in browser and accessing the
Internet. How can I prohibit such activities? My network is on
192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
(take these IP addresses as an example). I can access 195.2.104.0
network from my location. I am using Squid Proxy server on Linux
RH8. Can anyone suggest use of IPTABLES to achieve this?
Anonymous
May 31, 2004 11:53:45 AM

Archived from groups: comp.security.firewalls (More info?)

You could try threatening to break the legs of the users that bypass the proxy.

But seriously, normally the internet gateway is on a separate LAN and the
proxy acts like a bridge between the internet LAN and users' LAN, making it
impossible to bypass the proxy. Unless I've misunderstood your problem, you
need to remove the gateway off the users' LAN.


> Some of the users at my location are accessing the Internet by
> bypassing the in-house proxy server. They are just typing the upstream
> proxy server IP address and port number in browser and accessing the
> Internet. How can I prohibit such activities? My network is on
> 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
> (take these IP addresses as an example). I can access 195.2.104.0
> network from my location. I am using Squid Proxy server on Linux
> RH8. Can anyone suggest use of IPTABLES to achieve this?
Anonymous
May 31, 2004 3:21:05 PM

Archived from groups: comp.security.firewalls (More info?)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 31 May 2004, 06:55 ssp2000 tried to express an opinion:

> Some of the users at my location are accessing the Internet by
> bypassing the in-house proxy server. They are just typing the upstream
> proxy server IP address and port number in browser and accessing the
> Internet. How can I prohibit such activities? My network is on
> 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
> (take these IP addresses as an example). I can access 195.2.104.0
> network from my location. I am using Squid Proxy server on Linux
> RH8. Can anyone suggest use of IPTABLES to achieve this?

I also wanted that feature and stumbled across it in a news group by accident.
Here is an excerpt of the last post in that thread.
(This suggestion requires the use of iptables and not ipchains.)
Just replace the to-port "3129" with the port of your squid.

I also suggest you check if eth0 is your LAN. I think he who suggested
this iptables rule used eth0 as the LAN interface.

(btw, I haven't implemented this feature myself yet :-)=
I often save features I might want in the future, in text files.)

====
>> If you want transparent Squid proxying, use this line too:
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

> Do I understand this correctly if I say this will FORCE the use of a proxy
> regardless of (missing) proxy settings in the browsers (throughout the
> network)?

Only for those connecting to port 80 of a remote machine, which is certainly
the bulk of browser connections. All other ports (such as 21, 443, 8080, etc.)
will be connected exclusive of any proxy, since they don't qualify for the
REDIRECT conditions as stated.
====

btw, here is the original thread (archived). (watch for line wrap)
http://groups.google.com/groups?hl=no&lr=&ie=UTF-8&th=9...

- --
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
PGP key ID: 0xFA687324
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAuvkET1rWTfpocyQRAkS5AKCsY9H+IEHRsSHYeAlJGZ2MCPOdogCgkzTn
BM8LMQQnoB0u/KsOp320ZNE=
=hPIl
-----END PGP SIGNATURE-----
Anonymous
June 2, 2004 7:22:20 PM

Archived from groups: comp.security.firewalls (More info?)

On 30 May 2004 21:55:06 -0700, ssp2000 spoketh

>Some of the users at my location are accessing the Internet by
>bypassing the in-house proxy server. They are just typing the upstream
>proxy server IP address and port number in browser and accessing the
>Internet. How can I prohibit such activities? My network is on
>192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
>(take these IP addresses as an example). I can access 195.2.104.0
>network from my location. I am using Squid Proxy server on Linux
>RH8. Can anyone suggest use of IPTABLES to achieve this?

The same question in two different threads in three days? You didn't
like the answers you got three days ago?

If you don't want people to surf the net without going through your
proxy, the obvious solution is to only allow your proxy server access to
the internet on the usual web browsing ports (80, 443). You can also
explicitly block access to the IP address of the proxy server that your
employees are using.


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
July 28, 2011 3:37:57 PM

Quote:
Archived from groups: comp.security.firewalls (More info?)

Some of the users at my location are accessing the Internet by
bypassing the in-house proxy server. They are just typing the upstream
proxy server IP address and port number in browser and accessing the
Internet. How can I prohibit such activities? My network is on
192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
(take these IP addresses as an example). I can access 195.2.104.0
network from my location. I am using Squid Proxy server on Linux
RH8. Can anyone suggest use of IPTABLES to achieve this?



If you push a firewall policy that only allows HTTP and HTTPS traffic to be received by the proxy IP address, they cannot bypass it.
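
The policy described in Lars M. Hansen's reply and in the last post, written out as iptables rules. This is an added example, not part of any post in the thread. It assumes the Linux host running Squid is also the router for the LAN, that eth0 faces the LAN, and that the LAN is 192.168.7.0/24; the chain name PROXY_LOCK and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: generate rules so that only the Squid host itself reaches
# the web. Squid's own outbound traffic uses the OUTPUT chain, so rules in
# FORWARD affect only traffic the clients try to route past it.
LAN_IF="${LAN_IF:-eth0}"               # assumption: LAN-facing interface
LAN_NET="${LAN_NET:-192.168.7.0/24}"   # assumption: /24 mask
UPSTREAM="${UPSTREAM:-195.2.104.7}"    # example upstream proxy from the question
WEB_PORTS="${WEB_PORTS:-80,443}"

# Accept only a dotted-quad IPv4 address, so nothing else can end up in the
# generated commands.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules in evaluation order. A dedicated chain keeps them together
# and the jump is inserted at the top of FORWARD, ahead of any ACCEPT rule.
# 1) log and reject any TCP from the LAN to the upstream proxy, whatever port
# 2) reject direct web traffic from the LAN on the usual browsing ports
proxy_lockdown_rules() {
    valid_ipv4 "$UPSTREAM" || { echo "bad upstream address: $UPSTREAM" >&2; return 1; }
    cat <<EOF
iptables -N PROXY_LOCK
iptables -A PROXY_LOCK -d $UPSTREAM -p tcp -j LOG --log-prefix PROXY-BYPASS
iptables -A PROXY_LOCK -d $UPSTREAM -p tcp -j REJECT --reject-with tcp-reset
iptables -A PROXY_LOCK -p tcp -m multiport --dports $WEB_PORTS -j REJECT --reject-with tcp-reset
iptables -I FORWARD 1 -i $LAN_IF -s $LAN_NET -j PROXY_LOCK
EOF
}

# "print" shows the rules; "apply" runs them (needs root). No argument: nothing.
case "${1:-}" in
    print) proxy_lockdown_rules ;;
    apply) rules=$(proxy_lockdown_rules) && printf '%s\n' "$rules" | sh ;;
esac
```

The LOG rule records each attempt to reach the upstream proxy from a client, so the kernel log shows which LAN addresses are still configured to bypass Squid.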