Koozali.org: home of the SME Server

External proxies

Offline besterl

External proxies
« on: May 02, 2012, 09:27:23 AM »
In Squid I block keywords, e.g. porn.

One of the sites I am currently blocking is Facebook.

Some of the users are getting clever now and are starting to use an external anonymous proxy using port 3128 (same as my onsite proxy).

I want to block it using the RiffRaff method, but I am not sure of the details I need to place in this template.

For example - if I want to block all access to 123.123.123.123 port 3128 TCP, what do I need to place in the 40DenyRiffRaff template?

Thanks


Offline Stefano

Re: External proxies
« Reply #1 on: May 02, 2012, 09:39:55 AM »
None of your users should be able to change the proxy setup.. none of your users should be a local administrator..

IMHO you should change point of view.. instead of changing SME, try to change your users' attitude..

Offline janet

Re: External proxies
« Reply #2 on: May 02, 2012, 10:44:54 AM »
besterl

Alternatively use the functionality of Dansguardian to force usage of the local DG proxy port
http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline mmccarn

Re: External proxies
« Reply #3 on: May 02, 2012, 12:40:26 PM »
Here is some info you could use to block all outgoing traffic from your LAN workstations without installing dansguardian:
http://wiki.contribs.org/Firewall#Block_outgoing_ports

Offline piran

Re: External proxies
« Reply #4 on: May 06, 2012, 12:37:12 AM »
> I want to block it using the RiffRaff method, but I am not sure of the details I need to place in this template.
> For example - if I want to block all access to 123.123.123.123 port 3128 TCP, what do I need to place in the 40DenyRiffRaff template?

That 40DenyRiffRaff template, as supplied, blocks all stuff 'incoming'
...whereas I suspect you want/need to block stuff 'outgoing'?
Should I want to do this here then I would do it on the router.
Dead simple... a few options in the packet sniffing firewall configuration.
YMMV