Omar,
I second Dale on that. I am using WCCP its transparent and user do not have
to set the proxy in their browsers. For sure you proxy have to support this
feature and its a router function not a switch.
if u need to get an idea about WCCP here is a link that might help
http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_wccp_ps6350_TSD_Products_Configuration_Guide_Chapter.html
Ali
On Tue, Jun 23, 2009 at 2:34 PM, Dale Shaw <dale.shaw_at_gmail.com> wrote:
> Hi,
>
> On Tue, Jun 23, 2009 at 8:36 PM, omar maiah<omar.maiah_at_gmail.com> wrote:
> >
> > I have in my network a proxy server, but when users change the proxy
> > settings from their windows internet setting the can bypass my proxy, so
> how
> > can i force them only to go to the internet through my proxy.
> > P.S : I need some kind of configuration that i can apply on my switch or
> > router.
>
> You could always deny outbound HTTP packets (and/or whatever protocols
> you are proxying) unless they come from the proxy server..
>
> Example Internet edge router configuration:
>
> ip access-list extended FILTER
> permit tcp host 192.168.1.10 any eq http
> permit tcp host 192.168.1.10 any eq https
> deny tcp any any eq http
> deny tcp any any eq https
> permit ip any any
> !
> interface FastEthernet0/0
> description *** inside interface ***
> ip address 192.168.1.1 255.255.255.0
> ip access-group FILTER in
> !
> end
>
> Otherwise, if you want to transparently redirect traffic to your web
> proxy, that's a job for WCCP.
>
> cheers,
> Dale
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 23 2009 - 14:56:57 ART
This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:37 ART