Old 08-05-2009, 10:21 AM   #1
rashid_47010
LQ Newbie
 
Registered: Nov 2004
Location: Saudi Arabia
Distribution: CentOS/Fedora
Posts: 27

Rep: Reputation: 16
restrict users to bypass the squid proxy server


Hi

I want to prevent users from bypassing the proxy.
Where can I restrict users from bypassing the proxy, i.e. which file do I have to amend?
 
Old 08-05-2009, 10:33 AM   #2
rashid_47010
[root@localhost /]# vi rc.nat

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT # forward POP traffic
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT # forward POP traffic

#iptables -P FORWARD DROP # don't know what this line does, please guide

#iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # don't know what this line does, please guide

#iptables -A FORWARD -i $eth1 -o $eth0 -m state --state NEW \-m mac --mac-source 00-15-B7-33-6A-57 -j ACCEPT
# bypass Squid for defined MAC

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port # To redirect the Port 80 traffic to squid
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.33.4:3128


#iptables -I INPUT -m mac --mac-source 00-15-B7-33-6A-57 -j DROP # Sample statement for dropping a specific MAC address

#iptables -I INPUT -m mac --mac-source 00-15-B7-33-6A-57 -j ACCEPT # Sample statement for accepting a specific MAC address

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # every request should go through iptables

#iptables -A FORWARD -p TCP --dport 5000-5001 -j DROP # block Yahoo voice chat
iptables -A FORWARD -p TCP --dport 1863 -j DROP # block MSN Messenger
iptables -A FORWARD -d 207.46.110.0 -j DROP # block MSN Messenger
iptables -A FORWARD -d 207.46.104.20 -j DROP # block MSN Messenger

iptables -A INPUT -j DROP -p tcp --destination-port 80 -i eth0 # try to drop port 80 traffic through this line
#iptables -A INPUT -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line

#iptables -I FORWARD 1 -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line

####### I am not sure which one of these lines is correct to drop/reject the port 80 traffic. I used these lines because after running this script users can bypass the proxy, which I don't want. #######
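
As an added illustration (not part of the original post, and not an answer from the thread): the candidate port-80 rules above differ in which table and chain they attach to, and therefore in which packets they can see. The script below sorts them on that basis; the function names `parse_rule` and `bypass_verdict` and the verdict labels are made up for this example, and a rule without `-t` is treated as belonging to the `filter` table, which is the iptables default.

```sh
#!/bin/sh
# Added example (not from the thread): which packets can each rule see?

# parse_rule "<iptables command>" -> "table chain target dport" ("-" if unset)
parse_rule() (
    set -f                          # no globbing while splitting the rule
    rule=${1%%#*}                   # drop a trailing shell comment
    table=filter chain=- target=- dport=- prev=
    for word in $rule; do
        case "$prev" in
            -t|--table)                 table=$word ;;
            -A|-I|--append|--insert)    chain=$word ;;
            -j|--jump)                  target=$word ;;
            --dport|--destination-port) dport=$word ;;
        esac
        prev=$word
    done
    echo "$table $chain $target $dport"
)

# bypass_verdict "<iptables command>" -> one-word classification (labels are hypothetical)
bypass_verdict() (
    set -- $(parse_rule "$1")
    case "$1/$2/$3" in
        filter/FORWARD/DROP|filter/FORWARD/REJECT)
            # Routed client traffic crosses FORWARD; this is where a direct
            # (non-proxied) connection to port 80 can be stopped.
            if [ "$4" = 80 ]; then echo blocks-direct-http
            else echo forward-other; fi ;;
        filter/INPUT/*)
            # INPUT only sees packets addressed to the gateway itself.
            echo local-only ;;
        nat/*/DROP|nat/*/REJECT)
            # The nat table rewrites addresses; it is not meant for filtering.
            echo nat-misuse ;;
        nat/PREROUTING/REDIRECT|nat/PREROUTING/DNAT)
            echo intercept ;;
        *)  echo other ;;
    esac
)

# Candidate rules copied from the post above.
while IFS= read -r rule; do
    printf '%-20s %s\n' "$(bypass_verdict "$rule")" "$rule"
done <<'EOF'
iptables -A INPUT -j DROP -p tcp --destination-port 80 -i eth0
iptables -I FORWARD 1 -p tcp --dport 80 -j DROP
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.33.4:3128
EOF
```

Only the `FORWARD` rule sits on the path of routed client traffic; a packet that `PREROUTING` has already redirected to the proxy reaches `INPUT` with the proxy's port as its destination, so an `INPUT` rule on port 80 does not match it either.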
 
Old 08-05-2009, 10:35 AM   #3
rashid_47010
As a result of all these lines,
I got this message on the client computer in IE with no proxy configured:

ERROR
The requested URL could not be retrieved

While trying to process the request:

GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=cfc5d3a62e06a3e0:TM=1249471994:LM=1249471994:S=SziEiSVgRNcnlDFQ



The following error was encountered:

* Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed

Your cache administrator is root.
Generated Wed, 05 Aug 2009 14:56:41 GMT by localhost.localdomain (squid/2.6.STABLE16)



##### IS IT POSSIBLE TO AMEND THIS MESSAGE ACCORDING TO MY NEEDS? #####
 
  


All times are GMT -5.