[K12OSN] OT: Limiting to a specific proxy to prevent getting around it

John Lucas mrjohnlucas at gmail.com
Wed Jan 17 11:37:31 UTC 2007 

On Tuesday 16 January 2007 23:23, David Trask wrote:
> Hi all,
>
> I'm probably going to confuse even myself before I'm done.  I'm using an
> SME server (based on CentOS) running DansGuardian for content
> filtering/proxing...etc.  I'm also running proxy auth.  So the way it
> works now....if the user has the proxy server (10.0.0.1 port 8080) set in
> their browser, then they get challenged to log in the moment they try to
> open a browser.  They log in and then surf from there....and are filtered
> according to the group that they are a member of (in other words students
> are filtered more harshly than staff....etc).  If the browser does not
> have the proxy set, then they are transparently proxied and are filtered
> at the default level (which is pretty harsh in our case to encourage
> logging in).  Now my dilemma.  I still need to play with this more, but at
> the moment if I enter a different proxy, such as 195.179.62.1 or something
> like that I may have found on the Internet, I can essentially bypass the
> filter.  What I want to do is to find a way to ONLY accept either no proxy
> setting (thus transparent) or 10.0.0.1 on port 8080....and nothing else.
> If a kid enters any other proxy in their browser....it simply doesn't go
> or gets dropped.  Any ideas?
>

I think this would require a pretty tight firewall policy that would prevent 
using "outside" proxies. Blocking (outgoing) TCP ports 8080 and 3128 would go 
a long way toward preventing attachment to proxies beyond your perimeter 
firewall. An even tighter policy (essentially blocking most outgoing traffic) 
might be required to completely prevent such access. Then there are the 
tunneling services that work through web proxies to worry about :-}


-- 
        "History doesn't repeat itself; at best it rhymes."
                        - Mark Twain

| John Lucas                          MrJohnLucas at gmail.com               |
| St. Thomas, VI 00802                http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W                        AST (UTC-4)                         |

More information about the K12OSN mailing list