How to Stop bypassing Proxy server?

Archived from groups: comp.security.firewalls

Some of the users at my location are accessing the Internet by
bypassing the in-house proxy server. They are just typing the upstream
proxy server IP address and port number in browser and accessing the
Internet. How can I prohibit such activities? My network is on
192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
(take these IP addresses as an example). I can access 195.2.104.0
network from my location. I am using Squid Proxy server on Linux
RH8. Can anyone suggest use of IPTABLES to achieve this?
  1.

    You could try threatening to break the legs of the users that bypass the proxy.

    But seriously, normally the internet gateway is on a separate LAN and the
    proxy acts like a bridge between the internet LAN and the users' LAN, making it
    impossible to bypass the proxy. Unless I've misunderstood your problem, you
    need to remove the gateway from the users' LAN.


    > Some of the users at my location are accessing the Internet by
    > bypassing the in-house proxy server. They are just typing the upstream
    > proxy server IP address and port number in browser and accessing the
    > Internet. How can I prohibit such activities? My network is on
    > 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
    > (take these IP addresses as an example). I can access 195.2.104.0
    > network from my location. I am using Squid Proxy server on Linux
    > RH8. Can anyone suggest use of IPTABLES to achieve this?
  2.

    On Monday 31 May 2004, 06:55 ssp2000 tried to express an opinion:

    > Some of the users at my location are accessing the Internet by
    > bypassing the in-house proxy server. They are just typing the upstream
    > proxy server IP address and port number in browser and accessing the
    > Internet. How can I prohibit such activities? My network is on
    > 192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
    > (take these IP addresses as an example). I can access 195.2.104.0
    > network from my location. I am using Squid Proxy server on Linux
    > RH8. Can anyone suggest use of IPTABLES to achieve this?

    I also wanted that feature and stumbled across it in a newsgroup by accident.
    Here is an excerpt of the last post in that thread.
    (This suggestion requires the use of iptables and not ipchains.)
    Just replace the to-port "3129" with the port of your squid.

    I also suggest you check if eth0 is your LAN. I think he who suggested
    this iptables rule uses eth0 as the LAN interface.

    (btw, I haven't implemented this feature myself yet :-)
    I often save features I might want in the future, in text files.)

    ====
    >> If you want transparent Squid proxying, use this line too:
    >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    > Do I understand this correctly if I say this will FORCE the use of a proxy
    > regardless of (missing) proxy settings in the browsers (throughout the
    > network)?

    Only for those connecting to port 80 of a remote machine, which is certainly
    the bulk of browser connections. All other ports (such as 21, 443, 8080, etc.)
    will be connected exclusive of any proxy, since they don't qualify for the
    REDIRECT conditions as stated.
    ====

    btw, here is the original thread (archived). (watch for line wrap)
    http://groups.google.com/groups?hl=no&lr=&ie=UTF-8&th=9261a06a44544933&seekm=407aaf46_7%40corp.newsgroups.com&frame=off

    --
    Solbu - http://www.solbu.net
    Remove 'ugyldig' for email
    PGP key ID: 0xFA687324
  3.

    On 30 May 2004 21:55:06 -0700, ssp2000 spoketh

    >Some of the users at my location are accessing the Internet by
    >bypassing the in-house proxy server. They are just typing the upstream
    >proxy server IP address and port number in browser and accessing the
    >Internet. How can I prohibit such activities? My network is on
    >192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
    >(take these IP addresses as an example). I can access 195.2.104.0
    >network from my location. I am using Squid Proxy server on Linux
    >RH8. Can anyone suggest use of IPTABLES to achieve this?

    The same question in two different threads in three days? You didn't
    like the answers you got three days ago?

    If you don't want people to surf the net without going through your
    proxy, the obvious solution is to only allow your proxy server access to
    the internet on the usual web browsing ports (80, 443). You can also
    explicitly block access to the IP address of the proxy server that your
    employees are using.


    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
  4. Quote:

    Some of the users at my location are accessing the Internet by
    bypassing the in-house proxy server. They are just typing the upstream
    proxy server IP address and port number in browser and accessing the
    Internet. How can I prohibit such activities? My network is on
    192.168.7.0 and IP address of upstream proxy server is 195.2.104.7
    (take these IP addresses as an example). I can access 195.2.104.0
    network from my location. I am using Squid Proxy server on Linux
    RH8. Can anyone suggest use of IPTABLES to achieve this?



    If you push a firewall policy that only allows HTTP and HTTPS traffic to be received by the proxy IP address, they cannot bypass it.
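
The advice in answers 2 to 4, combined into one ruleset, as an added example that is not from any poster in the thread. It assumes Squid runs on the Linux box that is also the LAN gateway, that eth0 faces the LAN, that the LAN is a /24 and that Squid listens on 3128; none of these are confirmed by the original question.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, it does not change the
# running firewall. Review the output, then load it with:
#   ./proxy-rules.sh | iptables-restore
# (without --noflush this REPLACES the existing nat and filter tables).
# Assumed values, adjust to the real network:
LAN_IF=eth0                    # LAN-facing interface (assumption)
LAN_NET=192.168.7.0/24         # netmask is an assumption; the post gives 192.168.7.0
UPSTREAM_PROXY=195.2.104.7     # example address from the question
SQUID_PORT=3128                # Squid listening port (assumption)

gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Answer 2: send plain HTTP from LAN clients to the local Squid.
-A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Answer 3: clients may not reach the upstream proxy on any port; log attempts.
-A FORWARD -i $LAN_IF -s $LAN_NET -d $UPSTREAM_PROXY -j LOG --log-prefix "proxy-bypass: "
-A FORWARD -i $LAN_IF -s $LAN_NET -d $UPSTREAM_PROXY -j REJECT
# Answers 3 and 4: no forwarded web traffic from clients. Squid's own requests
# leave through the OUTPUT chain on this box, so they are not affected.
-A FORWARD -i $LAN_IF -s $LAN_NET -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

gateway_rules
```

HTTPS cannot be redirected transparently by the port-80 rule, so browsers still need the in-house proxy configured explicitly for port 443 traffic; the last FORWARD rule only makes sure a client without that setting fails instead of going out directly.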