kalvillo
asked on
Squid question
Hi.
I have Windows 2003 server installed, and i have installed (and configured) the Squid proxy server... it works fine, but i have the following problem:
When i configure the proxy parameters on the client web navigators (i.e. Internet Explorer), it works as it should, but if i delete the proxy configuration, the client can access internet without restrictions....
My question is, how can i configure my lan (or squid), so that my clients must use the proxy configuration to access internet? (in other words, if they don't use such proxy, they won't have internet access at all)
Thanks
I have Windows 2003 server installed, and i have installed (and configured) the Squid proxy server... it works fine, but i have the following problem:
When i configure the proxy parameters on the client web navigators (i.e. Internet Explorer), it works as it should, but if i delete the proxy configuration, the client can access internet without restrictions....
My question is, how can i configure my lan (or squid), so that my clients must use the proxy configuration to access internet? (in other words, if they don't use such proxy, they won't have internet access at all)
Thanks
ASKER
could you explain in more detail, please? :)
I'll answer your question with a few questions. ;)
1) I assumed that you are concerned that your users could delete the proxy settings and circumvent the squid proxy, is that your primary concern?
2) Do you have knowledge of/access to of the firewall you are using?
3) If not, do you have a firewall admin (person or company)?
1) I assumed that you are concerned that your users could delete the proxy settings and circumvent the squid proxy, is that your primary concern?
2) Do you have knowledge of/access to of the firewall you are using?
3) If not, do you have a firewall admin (person or company)?
ASKER
1- yes, i know that my users could erase the proxy settings, but i prefer that they have no internet at all, rather than having access-free internet.
2- I don't have any firewall installed, i just have a router.
3- No, i don't have any.
2- I don't have any firewall installed, i just have a router.
3- No, i don't have any.
Ok, a few more questions:
1) what type of environment? home? business? how many pc's are you dealing with?
2) did you buy the router from a store or did it come from your ISP?
3) what kind of router is it? brand/model #
4) have you logged into it using a web browser before?
1) what type of environment? home? business? how many pc's are you dealing with?
2) did you buy the router from a store or did it come from your ISP?
3) what kind of router is it? brand/model #
4) have you logged into it using a web browser before?
ASKER
1-bussiness... i have 2 PCs, 1 Windows 2003 server and 5 OSX
2- I bought my router from a store; such router is directly connected to my ISP's modem
3-Router: Belkin Model F5D7230-4
ISP's modem: 2Wire model RG2071-00
4-Yes, i have... to both of them
2- I bought my router from a store; such router is directly connected to my ISP's modem
3-Router: Belkin Model F5D7230-4
ISP's modem: 2Wire model RG2071-00
4-Yes, i have... to both of them
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
One question... the IP's that you're refering to, are the local machines?
ASKER
Hi.
I tried your solution using my PC (ip x.x.x.29), but i still can access to internet without using the proxy.
filter.jpg
I tried your solution using my PC (ip x.x.x.29), but i still can access to internet without using the proxy.
filter.jpg
Hi,
Yes, the IPs are the IPs of the local machines on your network.
On your test filter, try changing the 'Block Time' field to 'Always' instead of 'Block'.
Since you didn't choose always and your from/to day/times are the same, it will probably never execute the block.
Yes, the IPs are the IPs of the local machines on your network.
On your test filter, try changing the 'Block Time' field to 'Always' instead of 'Block'.
Since you didn't choose always and your from/to day/times are the same, it will probably never execute the block.
This way, the clients can only access port 80 via the proxy server, not directly.
Hope that helps.