Hi,
On Tue, Jun 23, 2009 at 8:36 PM, omar maiah<omar.maiah_at_gmail.com> wrote:
>
> I have in my network a proxy server, but when users change the proxy
> settings from their windows internet setting the can bypass my proxy, so how
> can i force them only to go to the internet through my proxy.
> P.S : I need some kind of configuration that i can apply on my switch or
> router.
You could always deny outbound HTTP packets (and/or whatever protocols
you are proxying) unless they come from the proxy server..
Example Internet edge router configuration:
ip access-list extended FILTER
permit tcp host 192.168.1.10 any eq http
permit tcp host 192.168.1.10 any eq https
deny tcp any any eq http
deny tcp any any eq https
permit ip any any
!
interface FastEthernet0/0
description *** inside interface ***
ip address 192.168.1.1 255.255.255.0
ip access-group FILTER in
!
end
Otherwise, if you want to transparently redirect traffic to your web
proxy, that's a job for WCCP.
cheers,
Dale
Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 23 2009 - 21:34:43 ART
This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:37 ART