[TriLUG] limiting Internet access with squid?
Michael Rothwell
michael at rothwell.us
Mon Mar 19 10:36:28 EDT 2007
On Mar 19, 2007, at 10:18 AM, Greg Brown wrote:
> What I'd like is for Paul to have unrestricted access to the
> Internet but his employees to be blocked from going outbound.
>
> Is this possible with squid? If not, do you have any other ideas?
If Squid is the only way that the computer can reach the internet
(ports 80 and 443 anyway), then, yes. You can set up all the
limitations you want in squid, and if the employees can simply turn
off the proxy settings in the browser and access the internet
directly, then squid does no good.
So...
Step 1: disable egress on the firewall for everything but the machine
running squid.
Step 2: configure squid; see http://www.comfsm.fm/computing/squid/
FAQ-23.html for information about authentication.
Step 3: configure the computer/browser(s) to use squid
Step 4: remind Paul to quit the browser when he's done browsing the
net, or otherwise clear the authentication.
--M
More information about the TriLUG
mailing list