Squid question


I have Windows 2003 Server installed, and I have installed (and configured) the Squid proxy server... it works fine, but I have the following problem:

When I configure the proxy parameters on the client web browsers (i.e. Internet Explorer), it works as it should, but if I delete the proxy configuration, the client can access the internet without restrictions....

My question is, how can I configure my LAN (or Squid), so that my clients must use the proxy configuration to access the internet? (In other words, if they don't use the proxy, they won't have internet access at all.)


You must configure the rules on the gateway (firewall) to block port 80 outbound for the IP range of the clients you want to force to use the proxy.  Make sure the proxy server is not included in the block range.

This way, the clients can only access port 80 via the proxy server, not directly.

Hope that helps.

kalvillo (Author) commented:
could you explain in more detail, please? :)

I'll answer your question with a few questions.  ;)

1) I assumed that you are concerned that your users could delete the proxy settings and circumvent the squid proxy, is that your primary concern?
2) Do you have knowledge of/access to the firewall you are using?
3) If not, do you have a firewall admin (person or company)?


kalvillo (Author) commented:
1- Yes, I know that my users could erase the proxy settings, but I prefer that they have no internet at all, rather than having access-free internet.
2- I don't have any firewall installed, I just have a router.
3- No, I don't have any.

Ok, a few more questions:

1) what type of environment? home? business? how many PCs are you dealing with?
2) did you buy the router from a store or did it come from your ISP?
3) what kind of router is it?  brand/model #
4) have you logged into it using a web browser before?

kalvillo (Author) commented:
1- Business... I have 2 PCs, 1 Windows 2003 server and 5 OSX
2- I bought my router from a store; the router is directly connected to my ISP's modem
3- Router: Belkin Model F5D7230-4
   ISP's modem: 2Wire model RG2071-00
4- Yes, I have... to both of them

Thanks for the info - I think I've got enough to answer your question.

You'll need to add some rules to your router to block the clients from accessing the internet directly from the router.  It looks like the router you have will allow you to set up filters to handle this.

Try this:
- log into the router's web-based admin page
- on the left, in the Firewall section, click 'Client IP Filters'

This section should let you set up IPs to filter.  As long as you know the IP address of the clients you want to block, you should be able to set up a filter (or filters) to block them.

It looks like there may be slightly different versions of the detail setup of this page, but there should be an option to add a new filter, and when you click it you should be prompted for most, if not all of the following:

- Name (name for this filter)
- IP address (might be a range)
- Service or Port (might be a name or port)
--- if it's a name, select 'internet'
--- if it's a port, use 80 (if a range, put 80 in both)
- Type (TCP/UDP/Both), select Both
- Time range or Always, select Always
- Enabled checkbox, make sure it's checked

Once you've got the info entered, there should be a 'save' button to click.  There's also usually an 'Apply' button on the main page that shows a list of all filters you have set up.  Make sure you click this button as well.

If everything works the way it should, this should get you what you're after.  The blocked IP(s) should now only have internet access via the proxy.

Let me know how it goes.


kalvillo (Author) commented:
One question... the IPs that you're referring to, are they the local machines?

kalvillo (Author) commented:
I tried your solution using my PC (ip x.x.x.29), but I can still access the internet without using the proxy.

Yes, the IPs are the IPs of the local machines on your network.

On your test filter, try changing the 'Block Time' field to 'Always' instead of 'Block'.

Since you didn't choose always and your from/to day/times are the same, it will probably never execute the block.
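
An added example, not part of the original thread: a small Python audit of a planned filter set before it is typed into the router, checking the three points raised above (every client is covered, the proxy is left out of the block range, and the schedule is not an empty window). The field names, the `audit` helper and the 192.168.2.x addresses are constructed for illustration and do not come from the Belkin firmware.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ClientFilter:
    """One row of a 'Client IP Filters'-style table (field names are hypothetical)."""
    first_ip: str
    last_ip: str
    first_port: int
    last_port: int
    always: bool = True
    start: str = "00:00"  # consulted only when always is False
    end: str = "00:00"
    enabled: bool = True

    def covers(self, ip, port):
        lo, hi, addr = (ipaddress.ip_address(a) for a in (self.first_ip, self.last_ip, ip))
        return lo <= addr <= hi and self.first_port <= port <= self.last_port

    def ever_active(self):
        # Assumption taken from the thread: identical from/to times never trigger.
        return self.enabled and (self.always or self.start != self.end)

def audit(filters, clients, proxy_ip, port=80):
    """Return (ip, problem) pairs for a planned filter set; empty means it is sound."""
    problems = []
    for ip in clients:
        matching = [f for f in filters if f.covers(ip, port)]
        if not matching:
            problems.append((ip, "no filter covers this client"))
        elif not any(f.ever_active() for f in matching):
            problems.append((ip, "filter is disabled or its time window is empty"))
    if any(f.covers(proxy_ip, port) and f.ever_active() for f in filters):
        problems.append((proxy_ip, "proxy itself is blocked"))
    return problems

# Constructed sample addresses: one client at .29, the Squid host at .10.
CLIENTS, PROXY = ["192.168.2.29"], "192.168.2.10"

if __name__ == "__main__":
    broken = [ClientFilter("192.168.2.29", "192.168.2.29", 80, 80, always=False)]
    fixed = [ClientFilter("192.168.2.20", "192.168.2.40", 80, 80)]
    print(audit(broken, CLIENTS, PROXY))  # the empty time window is reported
    print(audit(fixed, CLIENTS, PROXY))   # no problems
```

Calling `audit(..., port=443)` on the same filter set shows whether direct HTTPS is covered as well; the filter described in the thread lists only port 80.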