Topic: Disabled Transparent Proxy, Web still accessible

[GlitchFreak]

Hey everyone

I setup my clients box to use NCSA auth to access the web. They need to manually setup proxy settings to enable the auth procedure.

I disabled transarent proxy for this reason.I f the user disables the proxy settings in the web browser, they can access the web without authentication.

Any pointers please?

Thanks!

[Franco]

Hi,
Assuming you went with Dansguardian, then http://wiki.contribs.org/Dansguardian#Configuring_your_system_to_force_Dansguardian_usage_.26_prevent_bypassing

[GlitchFreak]

Have already done so...

Code: [Select]

[root@gateway ~]# config show squid
squid=service
    EnforceSafePorts=no
    RequireAuth=nsca
    SafePorts=21,70,80,81,119,210,443,563,980,1024-65535
    TCPPort=3128
    TCPProxyPort=80:3128
    Transparent=no
    TransparentPort=8080
    access=private
    status=enabled

Code: [Select]

[root@gateway ~]# config show dansguardian
dansguardian=service
    portblocking=yes
    status=enabled

That is why I find it bizarre that they are able to access the web

[Franco]

very strange, my setup is the same and works fine.
Do you see activity when reading the squid and dansguardian logs?

[stephen noble]

http://bugs.contribs.org/show_bug.cgi?id=4820#c5

the workaround is don't disable transparent proxy
then 80 diverts to 3128
and enable portblocking
3128 is blocked

[GlitchFreak]

Thanks snoble. Will give it a shot and report back...

On a side note, should this not be included in the wiki?

[GlitchFreak]

Looks like the fix worked.

Thanks SNoble

[David Harper]

Updated the wiki; see http://wiki.contribs.org/Dansguardian#Configuring_your_system_to_force_Dansguardian_usage_.26_prevent_bypassing

[GlitchFreak]

Thanks David.