"Broadcasting" a proxy address from Red Hat 8 Server

We have web filter software running on a Red Hat 8 server. For the filtering to work, we have to go into IE and Firefox on each machine and change the settings to use a proxy server address. However, if the user knows how to change it back to "auto", they bypass the filter. What I want to do is have all users go through the filter then turn off Internet access unless they go through the proxy first. Is there a way to "broadcast" the proxy address and port from the Linux server without having to go to each person's machine? Currently, we are going to each machine and specifying the proxy and port in LAN settings. It seems like this would not allow them to surf outside of our network. I.e., if they took their laptop home. Plus, it is time-consuming to go to each machine and change these settings.
shannon_adams Asked:

Nopius Commented:
There is a way to set up an 'auto' proxy address.

For doing that, you need:
- DHCP server (optional)
- all machines configured as having same domain suffix (this can be done via DHCP)
- DNS server (it should be owner of master zone of your domain, it may be local domain suffix)
- Apache server
- basic knowledge of JavaScript.

It's a good starting point: http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

Common steps are:
1) Configure your DNS, add a 'wpad' host entry pointing to your Apache server
2) Configure your Apache web server, add a wpad.yourdomain.com virtual host
3) Create a JavaScript file wpad.dat and place it in the root directory of wpad.yourdomain.com. Your proxy address will be there.
4) Configure Apache to provide content-type 'application/x-ns-proxy-autoconfig' for the file wpad.dat



0
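A minimal wpad.dat for step 3 of the answer above, added here as an example and not part of the original post. The proxy host proxy.yourdomain.com, port 3128 and the 10.0.0.0/8 LAN range are assumptions; the shims at the top exist only so the file can be tested under Node.js.

```javascript
// wpad.dat: placed in the root of wpad.yourdomain.com (step 3 above) and
// served with Content-Type application/x-ns-proxy-autoconfig (step 4).
// Assumed for illustration: proxy.yourdomain.com:3128 and a 10.0.0.0/8 LAN.

// Browsers provide the PAC helper functions. These shims only exist so the
// same file can be exercised under Node.js before it is deployed.
if (typeof isPlainHostName === "undefined") {
  globalThis.isPlainHostName = function (host) {
    return host.indexOf(".") === -1;
  };
  globalThis.dnsDomainIs = function (host, domain) {
    return host.length >= domain.length &&
           host.substring(host.length - domain.length) === domain;
  };
  globalThis.isInNet = function (host, net, mask) {
    var ip = host.split("."), n = net.split("."), m = mask.split(".");
    if (ip.length !== 4) return false; // shim handles IP literals only
    for (var i = 0; i < 4; i++) {
      if ((ip[i] & m[i]) !== (n[i] & m[i])) return false;
    }
    return true;
  };
}

// No "; DIRECT" fallback: external sites are reachable only through the filter.
var PROXY = "PROXY proxy.yourdomain.com:3128";

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Intranet names (and the proxy host itself) are fetched directly.
  // The leading dot stops look-alikes such as evil-yourdomain.com matching.
  if (isPlainHostName(host) || dnsDomainIs(host, ".yourdomain.com")) {
    return "DIRECT";
  }
  // Only call isInNet on IP literals, so no DNS lookup is triggered here.
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) &&
      (isInNet(host, "10.0.0.0", "255.0.0.0") ||
       isInNet(host, "127.0.0.0", "255.0.0.0"))) {
    return "DIRECT";
  }
  return PROXY;
}
```

This only configures browsers left on automatic detection; a user who selects "no proxy" is unaffected, so direct outbound web traffic still has to be stopped or redirected at the gateway.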
Gabriel Orozco, Solution Architect, Commented:
shannon_adams:

What you need in order to keep users from bypassing the proxy is the "transparent proxy" feature of squid.

First you need to redirect ALL outgoing http requests from tcp/80 to port 3128 (where squid listens) with:
iptables -t nat -A PREROUTING -p tcp -i $LAN --dport 80 -j REDIRECT --to-port 3128
($LAN should be replaced by your LAN interface: eth0 or eth1 or whatever it is)

Then in squid be sure you add these rules:
    * httpd_accel_host virtual
    * httpd_accel_port 80
      (or whatever port you want to proxy)
    * httpd_accel_with_proxy on
    * httpd_accel_uses_host_header on


Well, I found a good howto:
http://www.linuxdevcenter.com/pub/a/linux/2001/10/25/transparent_proxy.html

And this is a quick howto:
http://www.tldp.org/HOWTO/TransparentProxy.html
0

Gabriel Orozco, Solution Architect, Commented:
One more thing...

Upgrade your system!!! RedHat 8 is out of support, and being an rpm-based distro, it's more difficult to keep those boxes secure.

Regards
0
ranadastidar Commented:
One simple XP-based solution I can tell you: just go to Run under XP and type mmc. It'll open a window. Then go to File and click on Add/Remove Snap-in, then add Group Policy. Then choose User Configuration and then Windows Components, and then click on the Internet disable connection tab as well as select the proxy option. In this way the user won't be able to change the proxy setting.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.