HPE Community
Operating System - Linux
1819684 Members
3532 Online
109605 Solutions
New Discussion юеВ

Re: SQUID allows autodetect settings in IE

 
nibble
Super Advisor

тАО08-09-2005 03:05 PM

тАО08-09-2005 03:05 PM

SQUID allows autodetect settings in IE

hi guys, help on this please.

ive got squid with authentication setting. using IE, if use proxy is set, authentication works and the user can use the internet.

but if IE is set to Automatically Detect Settings (w/o proxy), it still can...

i want to control it as much as possible, that they need to use the proxy so that they need to authenticate first..
any idea how to do this in the squid or iptables perhaps?

thanks,
0 Kudos
4 REPLIES 4
Steven Chan_9
Frequent Advisor

тАО08-09-2005 04:02 PM

тАО08-09-2005 04:02 PM

Re: SQUID allows autodetect settings in IE

Hi~

You can use proxy.pac or wpad.dat.

With proxy.pac, you can put this script on any webserver then setup client's IE to get configuration form this webserver.

With wpad.dat, you can put this sctipt to a webserver name "wpad" in your client's domain then setup client's IE to auto detact proxy.

For proxy.pac:

http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html

For wpad.dat

http://www.wrec.org/Drafts/draft-cooper-webi-wpad-00.txt

But if you want to force all clients' IE to access Internet via you proxy server, you'd better disable all you clients' Internet access form your firewall.

regards,
Steven Chan
0 Kudos
Bejoy C Alias
Respected Contributor

тАО08-09-2005 04:39 PM

тАО08-09-2005 04:39 PM

Re: SQUID allows autodetect settings in IE

U can use acl for restricting access to the squid proxy based on ip address on user name, passwd combinations. If u want to allow only a certain ips , then u can add something like below in ur squid.conf file's acl section .

acl test src 192.168.1.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

Then add the following to the http_access section

http_access allow test
http_access deny all

This will allow access for only the ip 192.168.1.1 and all the other addresses will be blocked . U can add ur ips before the 'acl all ' and in http_access .
Be Always Joy ......
0 Kudos
Patrick Terlisten
Honored Contributor

тАО08-11-2005 06:07 PM

тАО08-11-2005 06:07 PM

Re: SQUID allows autodetect settings in IE

Hello,

be sure that you clients can├В┬┤t reach the internet over the standard gateway. Your standard gateway must deny the internet access for you clients, so that the clients _must_ use the proxy to reach the internet.

Regards,
Patrick
Best regards,
Patrick
0 Kudos
nibble
Super Advisor

тАО09-03-2006 10:44 PM

тАО09-03-2006 10:44 PM

Re: SQUID allows autodetect settings in IE

thanks!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.