LinuxQuestions.org


rashid_47010 08-05-2009 10:21 AM

restrict users to bypass the squid proxy server
 
Hi

I want to restrict users from bypassing the proxy.
Where can I restrict users from bypassing the proxy? That is, which file do I have to amend?

rashid_47010 08-05-2009 10:33 AM

[root@localhost /]# vi rc.nat

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT # accept SMTP traffic
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT # accept POP3 traffic

#iptables -P FORWARD DROP # don't know about this line function please guide

#iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # don't know about this line function please guide

#iptables -A FORWARD -i $eth1 -o $eth0 -m state --state NEW -m mac --mac-source 00:15:B7:33:6A:57 -j ACCEPT
# bypass Squid for defined MAC

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port # To redirect the Port 80 traffic to squid
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.33.4:3128


#iptables -I INPUT -m mac --mac-source 00:15:B7:33:6A:57 -j DROP # Sample statement for dropping a specific MAC address

#iptables -I INPUT -m mac --mac-source 00:15:B7:33:6A:57 -j ACCEPT # Sample statement for accepting a specific MAC address

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # every request should go through the iptables

#iptables -A FORWARD -p TCP --dport 5000-5001 -j DROP #block Yahoo voice chat
iptables -A FORWARD -p TCP --dport 1863 -j DROP # block MSN Messenger
iptables -A FORWARD -d 207.46.110.0 -j DROP # block MSN Messenger
iptables -A FORWARD -d 207.46.104.20 -j DROP # block MSN Messenger

iptables -A INPUT -j DROP -p tcp --destination-port 80 -i eth0 # try to drop port 80 traffic through this line
#iptables -A INPUT -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line

#iptables -I FORWARD 1 -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line

####### I am not sure which one of these lines is correct to drop/reject the port 80 traffic. I used these lines because after running this script users can bypass the proxy, which I don't want. #######

rashid_47010 08-05-2009 10:35 AM

As a result of all these lines,
I got this message on the client computer in IE with no proxy configured:

ERROR
The requested URL could not be retrieved

While trying to process the request:

GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=cfc5d3a62e06a3e0:TM=1249471994:LM=1249471994:S=SziEiSVgRNcnlDFQ



The following error was encountered:

* Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed

Your cache administrator is root.
Generated Wed, 05 Aug 2009 14:56:41 GMT by localhost.localdomain (squid/2.6.STABLE16)



##### IS IT POSSIBLE TO AMEND THIS MESSAGE ACCORDING TO MY NEEDS? #####

