Obsolete Releases > SME 8.x Contribs
Dansguardian + NCSA Auth
Gert:
How can I prevent users from bypassing dansguardian when using NCSA Authentication.
--- Code: ---Configure your SME Server to use Transparent Proxy port 8080 and to block direct access to the squid proxy port 3128 & redirect port 80 to port 8080
--- End code ---
--- Quote ---If you wish to authenticate users when opening a browser using pam auth method, then you will need to disable Transparent Proxy as it is not compatible with this method.
--- End quote ---
So with the transparent proxy disabled it is easy to bypass dansguardian and that defeats the whole purpose of using dansguardian in the first place. Or am I missing something?
janet:
Gert
Where does it say that in relation to pam auth.
I think you are quoting that out of context.
The section about Filter Groups and Auth login is where it is mentioned, so avoid using Filter groups & you will be OK.
Gert:
Hi Janet
Thank you for the reply. My apologies, I failed to mention I have to use filter groups. And you mentioned without using filter groups it works as expected.
I believe it is same case with NCSA as it is with PAM. So to rephrase my question: How can I prevent bypassing dansguardian when using filter groups?
janet:
Gert
Well you need to consider how the users can bypass dansguardian.
Generally speaking you would need to lock down the settings in workstation Windows (or other desktop software) so users cannot make changes to the proxy server settings in their browser etc eg use of group policies in Windows & such like.
Lock/force access to port 8080 by preventing users from changing that in their browser.
--- Quote ---to rephrase my question: How can I prevent bypassing dansguardian when using filter groups?
--- End quote ---
Gert:
Unfortunately that will not be possible, as there are constantly new computers on the network as well as phones and tablets. I have to find a way to block port 80 on the lan side.
Navigation
[0] Message Index
[#] Next page
Go to full version