"Broadcasting" a proxy address from Red Hat 8 Server

Posted on 2006-04-17
Last Modified: 2010-03-18
We have web filter software running on a Red Hat 8 server.  For the filtering to work, we have to go into IE and Firefox on each machine and change the settings to use a proxy server address.  However, if the user knows how to change it back to "auto", they bypass the filter.  What I want to do is have all users go through the filter then turn off Internet access unless they go through the proxy first.  Is there a way to "broadcast" the proxy address and port from the Linux server without having to go to each person's machine?  Currently, we are going to each machine and specifiying the proxy and port in LAN settings.  It seems like this would not allow them to surf outside of our network.  I.e., if they took their laptop home.  Plus, it is time consuming to go to each machine and change these settings.
Question by:shannon_adams
    LVL 27

    Expert Comment

    There is a way to setup 'auto' proxy address.

    For doing that, you need:
    - DHCP server (optional)
    - all machines configured as having same domain suffix (this can be done via DHCP)
    - DNS server (it should be owner of master zone of your domain, it may be local domain suffix)
    - Apache server
    - basic knowledge of JavaScript.

    It's a good starting point:

    Common steps are:
    1) Configure your DNS, add 'wpad' host entry, pointing to your apache
    2) Configure your apache WEB server, add virtual host
    3) Create javascript file wpad.dat and place it to the root directory of Your proxy address will be there.
    4) Configure apache to provide content-type 'application/x-ns-proxy-autoconfig' for file wpad.dat

    LVL 19

    Accepted Solution


    what you need in order to avoid users to bypass the proxy is the "transparent proxy" feature of squid.

    first you need to redirect ALL outgoing http requests from tcp/80 to port 3128 (where squid listen) with:
    iptables -t nat -A PREROUTING -p tcp -i $LAN  --dport 80 -j REDIRECT --to-port 3128
    ($LAN should be replaced by your lan interfase: eth0 or eth1 or whatever it is)

    then in squid be sure you add this rules:
        * httpd_accel_host virtual
        * httpd_accel_port 80
          (or whatever port you want to proxy)
        * httpd_accel_with_proxy on
        * httpd_accel_uses_host_header on

    well, I found a goodhowto:

    and this is a quick howto:
    LVL 19

    Expert Comment

    one more thing...

    upgrade your system!!! RedHat 8 is out of support, and being a rpm based distro, it's more dificult to maintain that boxes secure.

    LVL 5

    Expert Comment

    one simple xp based solution i can tell u, just go to run under xp and type mmc it ll open one window then go to file and click on Add/RemoveSnap in, then add Grouppolicy. then choose
    user configuration and then windows components and then click on internet disable connection tab as well as select proxy option in this way user wont be able to change the proxy setting.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
    Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now