Re: [squid-users] Need Ideas

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 3 Sep 2004 17:25:57 +0200 (CEST)

On Fri, 3 Sep 2004, Rick G. Kilgore wrote:

> The second networks, routers and layer three switches are controlled by
> a higher state network group, much like an ISP with no single point of
> ingress or egress. The department that I am trying to help would like to use
> squid to finally lock down Internet access due to virus/malware/spyware and
> just junk slowing machines down.
>
> The network is spread across several subnets, buildings etc. The
> network does use DHCP. Can I use squid as a gateway, so to speak? I.e. change
> the DHCP for the affected subnets to point to an interface on the squid
> server and allow all traffic through it with the ability to block and filter
> Internet access. Or is this just a plain bad idea? The section I am working
> with really does not want to install a large number of squid servers to try
> and resolve the problem.

The best solution is to talk to the "ISP" to make sure direct access to
the WWW is blocked for all stations except the proxy, then set up DHCP and
preferably also the DNS to return WPAD configuration data giving the users
automatic discovery of the proxy service, or go around to the stations and
configure proxy settings manually.

As long as the network infrastructure supports direct unlimited access to
the Internet, users who like to will find out how to use this, even if you
try to hint them not to via DHCP and similar. Also, if the network is
spread out, this is not really an option, as you then need to have some
presence in each and every LAN / DHCP scope where to have the traffic
redirected, and these will also become a bottleneck for the whole network,
not just Internet traffic.

Regards
Henrik
Received on Fri Sep 03 2004 - 09:25:59 MDT
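
The "WPAD configuration data" in the reply above is a proxy auto-config (PAC) file, which clients locate through DHCP option 252 or a DNS host named `wpad` and fetch as `wpad.dat`. The following is an added example, not part of the original thread; the proxy host, internal domain and subnets are hypothetical, and the port is Squid's default 3128.

```javascript
// wpad.dat / proxy.pac sketch (added example, not from the thread).
// Hypothetical values: proxy host, internal domain, internal subnets.
var PROXY = "PROXY proxy.dept.example:3128";
var INTERNAL_DOMAIN = ".dept.example";
var INTERNAL_NETS = [["10.0.0.0", 8], ["192.168.0.0", 16], ["127.0.0.0", 8]];

// Dotted-quad literal -> unsigned 32-bit number; null if host is not IPv4.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True if addr (a number) lies inside base/bits.
function inNet(addr, base, bits) {
  var start = ipv4ToInt(base);
  return addr >= start && addr < start + Math.pow(2, 32 - bits);
}

function isInternal(host) {
  host = host.toLowerCase();
  if (host.indexOf(":") !== -1) return false;   // IPv6 literal: use the proxy
  if (host.indexOf(".") === -1) return true;    // plain intranet host name
  var addr = ipv4ToInt(host);
  if (addr !== null) {
    for (var i = 0; i < INTERNAL_NETS.length; i++) {
      if (inNet(addr, INTERNAL_NETS[i][0], INTERNAL_NETS[i][1])) return true;
    }
    return false;
  }
  // Suffix match includes the leading dot, so "evildept.example" fails.
  return host.slice(-INTERNAL_DOMAIN.length) === INTERNAL_DOMAIN ||
         host === INTERNAL_DOMAIN.slice(1);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // No "; DIRECT" fallback for external hosts: direct access is blocked
  // upstream, so a fallback would only mask proxy failures.
  return isInternal(host) ? "DIRECT" : PROXY;
}
```

The PAC file is only a convenience for clients; the upstream block on direct WWW access is what enforces use of the proxy.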
