https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917155#M84221 thanks! Mon, 04 Sep 2006 05:44:55 GMT nibble 2006-09-04T05:44:55Z https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917151#M84217 hi guys, help on this please.<BR /><BR />ive got squid with authentication setting. using IE, if use proxy is set, authentication works and the user can use the internet.<BR /><BR />but if IE is set to Automatically Detect Settings (w/o proxy), it still can...<BR /><BR />i want to control it as much as possible, that they need to use the proxy so that they need to authenticate first..<BR />any idea how to do this in the squid or iptables perhaps?<BR /><BR />thanks, Tue, 09 Aug 2005 22:05:59 GMT https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917151#M84217 nibble 2005-08-09T22:05:59Z https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917152#M84218 Hi~<BR /><BR />You can use proxy.pac or wpad.dat.<BR /><BR />With proxy.pac, you can put this script on any webserver then setup client's IE to get configuration form this webserver.<BR /><BR />With wpad.dat, you can put this sctipt to a webserver name "wpad" in your client's domain then setup client's IE to auto detact proxy.<BR /><BR />For proxy.pac:<BR /><BR /><A href="http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html" target="_blank">http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html</A><BR /><BR />For wpad.dat<BR /><BR /><A href="http://www.wrec.org/Drafts/draft-cooper-webi-wpad-00.txt" target="_blank">http://www.wrec.org/Drafts/draft-cooper-webi-wpad-00.txt</A> <BR /><BR />But if you want to force all clients' IE to access Internet via you proxy server, you'd better disable all you clients' Internet access form your firewall.<BR /><BR />regards,<BR />Steven Chan Tue, 09 Aug 2005 23:02:57 GMT https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917152#M84218 Steven Chan_9 2005-08-09T23:02:57Z https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917153#M84219 U can use acl for restricting access to the squid proxy based on ip address on user name, passwd combinations. If u want to allow only a certain ips , then u can add something like below in ur squid.conf file's acl section .<BR /><BR />acl test src 192.168.1.1/255.255.255.255<BR />acl all src 0.0.0.0/0.0.0.0<BR /><BR />Then add the following to the http_access section<BR /><BR />http_access allow test<BR />http_access deny all<BR /><BR />This will allow access for only the ip 192.168.1.1 and all the other addresses will be blocked . U can add ur ips before the 'acl all ' and in http_access . Tue, 09 Aug 2005 23:39:00 GMT https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917153#M84219 Bejoy C Alias 2005-08-09T23:39:00Z https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917154#M84220 Hello,<BR /><BR />be sure that you clients can´t reach the internet over the standard gateway. Your standard gateway must deny the internet access for you clients, so that the clients _must_ use the proxy to reach the internet.<BR /><BR />Regards,<BR />Patrick Fri, 12 Aug 2005 01:07:14 GMT https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917154#M84220 Patrick Terlisten 2005-08-12T01:07:14Z https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917155#M84221 thanks! Mon, 04 Sep 2006 05:44:55 GMT https://community.hpe.com/t5/operating-system-linux/squid-allows-autodetect-settings-in-ie/m-p/4917155#M84221 nibble 2006-09-04T05:44:55Z