Re: Fwd: [m0n0wall] dansguardian squid transparent proxy rdr

From:	"C. Andrew Zook" <andrewzook at pdqlocks dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: Fwd: [m0n0wall] dansguardian squid transparent proxy rdr
Date:	Thu, 28 Dec 2006 12:12:10 -0500

Agreed - This is how I do it. I use Tinyproxy and DG. I block all web 
access with M0n0 except for the proxy server. Then I use automatic 
browser configuration (google wpad and proxy.pac).

I also output the log files in squid format and use a program called 
"srg" which is run every 15 minutes as a cron job so that I can check up 
on what the users are surfing.

I love it! My users hate it ;-)

Andy

> You need to use the proxy by configuring your clients to use it, and not
> using an intercepting proxy.  When the browsers are configured for the
> proxy they will send a CONNECT request.  You will then be able to block
> based on the destination server (domain name or IP address), but you
> won't see the URL path at all.
>
> This means you still have a log of what server the user connected to but
> not exactly what they did whilst they were there.  Which is the best
> you'll get without breaking the certificate chain and having the user
> prompted on each request (which is technically possible but really
> screws around with the authenticity of a secure connection).
>
> HTH,
>
>
>                                 Neil.
>
>