[c-nsp] proxy anonymizer blocking

James Bensley jwbensley at gmail.com
Sun Jul 24 09:42:21 EDT 2011


On Jul 24, 2011 2:34 PM, "Andrew Miehs" <andrew at 2sheds.de> wrote:
>
> And this works? If the users can change their proxy settings, they can normally change
> c:\windows\system32\etc\hosts (or whatever the file is called).
>
> The only solution we have found that really works is not allowing clients directly into the
> Internet. All traffic must traverse the DMZ. If they want http, they need to use the HTTP
> proxy that we provide them - not that they have much choice - group policies, etc.

Yes, the default gateways for the clients were Linux boxes running iptables
with squid and squidGuard, acting as transparent proxies; you had no choice
but to go through the proxy.

--James.
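
The setup described in this message enforces the proxy at the gateway rather than on the client, so it only holds if the gateway offers no other route out. As an added example (not part of the original message or the poster's configuration), this Python script audits `iptables-save` output for such a route; the interface name `eth1`, proxy port 3128, the restriction to tcp/80 and both rule dumps are assumptions constructed for illustration.

```python
# Constructed iptables-save dumps; eth1 (client LAN) and port 3128 are assumptions.
GOOD = """*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""
BYPASS = """*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -p tcp -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, [(table, chain, {flag: value})])."""
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":"):
            policies[(table, tok[0][1:])] = tok[1]
        elif line.startswith("-A "):
            # Simple flag/value pairs only; negated ("!") matches are not handled.
            rules.append((table, tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return policies, rules

def audit(dump, lan_if="eth1", proxy_port="3128"):
    """List the ways LAN clients could reach the web without the proxy."""
    policies, rules = parse(dump)
    findings = []
    lan = [(t, c, o) for t, c, o in rules if o.get("-i") == lan_if]
    if not any(t == "nat" and c == "PREROUTING" and o.get("--dport") == "80"
               and o.get("-j") == "REDIRECT" and o.get("--to-ports") == proxy_port
               for t, c, o in lan):
        findings.append("tcp/80 from LAN is not redirected to the proxy")
    if policies.get(("filter", "FORWARD")) != "DROP":
        findings.append("FORWARD policy is not DROP: clients can route out directly")
    for t, c, o in lan:
        if (t, c) == ("filter", "FORWARD") and o.get("-j") == "ACCEPT" \
                and o.get("-p") == "tcp" and "--dport" not in o:
            findings.append("FORWARD accepts any TCP port from the LAN")
    return findings
```

An empty list from `audit()` means none of the three checked paths around the proxy was found; each string in a non-empty list names one that was.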

