block anonymous browsing

Bill Watson bill at magicdigits.com
Tue Apr 1 20:11:22 UTC 2008


Other than not adhering to the premise of using squid, wouldn't this be
easier in /etc/hosts.deny with a line like:
httpd: ALL EXCEPT 192.168.0.    (or whatever your local IP is)

This thought is untested by me, but sounds straightforward enough to maybe
work.
Bill Watson
bill at magicdigits.com

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com
[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Stephen John
Smoogen
Sent: Tuesday, April 01, 2008 12:51 PM
To: redhat-sysadmin-list at redhat.com
Subject: Re: block anonymous browsing


2008/4/1 Anil Saini <anil.ceeri at gmail.com>:
>
>
>
> Hello sir,
>
> How can I block anonymous browsing on my network using squid?
> Is it possible?

Yes it is possible. It takes several steps.

1) Your network has to proxy all traffic in and out of it. This is to make
sure that HTTP traffic gets directed to the proxy versus some other 'proxy'.
2) Squid authentication can be enabled via ldap. This means that the person
has to authenticate before they can leave the network.

This will only deal with HTTP traffic that is unencrypted. To deal with SSL
traffic you have to control the browser to in effect man-in-the-middle the
session. This is what some spyware does in that it sets up a local proxy
which it can unencrypt the data so your browser thinks it's talking to
https://www.amazon.com but is instead going to http://localhost:38881 and
then encrypted to http://p0wned.com and then to https://www.amazon.com

-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed in a
naughty world. = Shakespeare. "The Merchant of Venice"

--
redhat-sysadmin-list mailing list redhat-sysadmin-list at redhat.com
https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
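
Added example, not part of either message above: a squid.conf fragment for the LDAP-authenticated proxy setup described in the reply. The helper path, LDAP host, base DN and subnet are assumed placeholder values; the helper is named basic_ldap_auth in current Squid and squid_ldap_auth in older releases.

```conf
# Added example: require LDAP authentication before any request leaves the network.
# Assumed values: helper path, ldap.example.com, dc=example,dc=com, 192.168.0.0/24.

# Basic authentication checked against LDAP (search base -b, user filter -f, server -h).
auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "dc=example,dc=com" -f "uid=%s" -h ldap.example.com
auth_param basic children 5
auth_param basic realm Proxy login required
auth_param basic credentialsttl 2 hours

# Clients must be configured to use this port explicitly:
# proxy_auth does not work on an intercepting (transparent) port.
http_port 3128

acl localnet src 192.168.0.0/24
acl authenticated proxy_auth REQUIRED

# http_access rules are evaluated top to bottom; the first match wins.
http_access deny !localnet
http_access allow authenticated
http_access deny all
```

Step 1 of the reply still has to be enforced outside Squid: the firewall should drop direct outbound web traffic from every host except the proxy, otherwise clients can simply bypass it.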




