Re: Blocking access except through proxy

From: <patrickg@dont-contact.us>
Date: Fri, 19 Nov 1999 20:28:56 -0800 (PST)

On Sat, 20 Nov 1999, Jason Thompson wrote:

> Hi All,
>
> I am just wondering if anyone has implimented a system where port 80 (ie WWW) is blocked to all
> clients, so they are forced to use the proxy server. Without using any
> type of transparent proxy?

> All of the clients see the server as the default router as well as the proxy. What I want to do
> is use the standard firewalling code in Linux to block access to the WWW
> directly, so all clients must use the proxy server.

You could do this, but simply blocking access doesn't make a lot of sense
given the trouble it might cause your users, especially in light of
freely-available transparent proxies.
 
> This is for 2 reasons, one we have passwords on Internet access so we can log pages to a
> specific username, and secondly because the server is in an educational
> establishment our isp offers a 'protected' Internet service, but only if
> you go through thier proxy. Which is why we do not want ot allow direct
> access.

There is no reason a transparent proxy shouldn't be able to handle this,
directing authentication requests/tracking and any other requests to the
appropriate locations, in combination with filters on your router(s) to prevent
direct web access.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell
                       Earth is a single point of failure.
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
 
Received on Fri Nov 19 1999 - 21:38:51 MST

This archive was generated by hypermail pre-2.1.9 : Wed Apr 09 2008 - 11:57:32 MDT