 From:  "C. Andrew Zook" <andrewzook at pdqlocks dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Fwd: [m0n0wall] dansguardian squid transparent proxy rdr
 Date:  Thu, 28 Dec 2006 12:12:10 -0500
Agreed - This is how I do it. I use Tinyproxy and DG. I block all web 
access with M0n0 except for the proxy server. Then I use automatic 
browser configuration (google wpad and proxy.pac).

I also output the log files in squid format and use a program called 
"srg" which is run every 15 minutes as a cron job so that I can check up 
on what the users are surfing.

I love it! My users hate it ;-)


> You need to use the proxy by configuring your clients to use it, and not
> using an intercepting proxy.  When the browsers are configured for the
> proxy they will send a CONNECT request.  You will then be able to block
> based on the destination server (domain name or IP address), but you
> won't see the URL path at all.
> This means you still have a log of what server the user connected to but
> not exactly what they did whilst they were there.  Which is the best
> you'll get without breaking the certificate chain and having the user
> prompted on each request (which is technically possible but really
> screws around with the authenticity of a secure connection).
> HTH,
>                                 Neil.
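
Added example, not part of either poster's message: a short parser for squid-format log lines showing what the reply describes, namely that a CONNECT entry records only the destination host and port while a plain HTTP entry records the full URL. It assumes Squid's native access.log field order; the sample lines and addresses are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid native access.log layout (not real traffic):
# time elapsed client action/status bytes method target ident peer type
SAMPLE_LOG = """\
1167325930.123    245 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.com/news/index.html - DIRECT/192.0.2.10 text/html
1167325931.456  10234 192.168.1.20 TCP_MISS/200 18234 CONNECT mail.example.org:443 - DIRECT/192.0.2.25 -
1167325940.002     12 192.168.1.21 TCP_DENIED/403 1450 CONNECT blocked.example.net:443 - NONE/- text/html
1167325941.700    310 192.168.1.21 TCP_MISS/200 900 GET http://www.example.com/sports/scores?id=7 - DIRECT/192.0.2.10 text/html
this line is malformed and is skipped
"""

def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3]:
        return None
    action = f[3].split("/")[0]
    method, target = f[5], f[6]
    if method == "CONNECT":
        # Tunnel request: the proxy is told host:port and nothing else.
        host, _, port = target.rpartition(":")
        path = None
    else:
        try:
            u = urlsplit(target)
            host, port = u.hostname, u.port or 80
        except ValueError:
            return None
        path = u.path + ("?" + u.query if u.query else "")
    if not host or not str(port).isdigit():
        return None
    return {"client": f[2], "action": action, "method": method,
            "host": host, "port": int(port), "path": path}

def summarize(text):
    """Per client: request count per host, and the set of denied hosts."""
    hits, denied = defaultdict(Counter), defaultdict(set)
    for rec in filter(None, map(parse_line, text.splitlines())):
        hits[rec["client"]][rec["host"]] += 1
        if rec["action"] == "TCP_DENIED":
            denied[rec["client"]].add(rec["host"])
    return hits, denied

if __name__ == "__main__":
    for client, hosts in summarize(SAMPLE_LOG)[0].items():
        print(client, dict(hosts))
```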