web filtering using Host file
-
the problem is proxy server can easily bypassed by portable application like firefox, this is the problem
-
@IT-ADMIN said:
the problem is proxy server can easily bypassed by portable application like firefox, this is the problem
That's because it isn't completely set up. It is just an optional proxy. That's why the proxy plus firewall is the complete setup, a proxy is useless all by itself. The firewall ensures that you cannot bypass the proxy by blocking all web traffic that doesn't originate from the proxy. A correctly setup proxy cannot be bypassed. Every Fortune 1000 uses proxy servers and keeps them from being bypassed.
-
pfSense is firewall and proxy,
so what will be the role of the firewall in this scenario, he will block what exactly ??? -
@IT-ADMIN said:
pfSense is firewall and proxy,
so what will be the role of the firewall in this scenario, he will block what exactly ???It blocks all outbound Port 80 and Port 443 except for for the proxy server. That way ALL web traffic has to go through the proxy, no matter what. You can bypass the proxy still, but there is nowhere to go because the web only exists through the proxy server.
-
firewall rules can block traffic based on IPs, not URLs
-
aahh i see what you mean Mr Scott, i should block all traffic except for outbound traffic going to my proxy server
-
@IT-ADMIN said:
firewall rules can block traffic based on IPs, not URLs
And by ports, most importantly.
-
@IT-ADMIN said:
aahh i see what you mean Mr Scott, i should block all traffic except for outbound traffic going to my proxy server
Exactly. That takes care of the general networking workaround. Now the proxy is in control of traffic and can determine where people can go.
-
i just test it right now, but it has affected other ports like outlook, now i cannot sent and receive mails,
-
@IT-ADMIN said:
i just test it right now, but it has affected other ports like outlook, now i cannot sent and receive mails,
Only block 80/443 for now. The proxy doesn't handle other protocols.
-
yes, i will open all ports except 80 and 443 for all destination, and for those 2 ports i should forward them only to the proxy IP
-
yes, now i understand your wise sentence, proxy by itself cannot do the job except with the collaboration of the firewall rules
-
@IT-ADMIN said:
yes, i will open all ports except 80 and 443 for all destination, and for those 2 ports i should forward them only to the proxy IP
Exactly.
-
@IT-ADMIN said:
yes, now i understand your wise sentence, proxy by itself cannot do the job except with the collaboration of the firewall rules
Yes, one for the networking portion and one for the web portion.
-
yes you are right, thank you very much for your help and willingness to share your knowledge
-
@IT-ADMIN said:
yes you are right, thank you very much for your help and willingness to share your knowledge
Glad to help
-
by doing this portable browser cannot access the web unless they enter proxy setting (of the proxy), so they will be obliged to pass through the proxy, otherwise they cannot access the web
-
@IT-ADMIN said:
by doing this portable browser cannot access the web unless they enter proxy setting (of the proxy), so they will be obliged to pass through the proxy, otherwise they cannot access the web
Correct
-
and if they don't know my proxy setting they will contact me so that i will know who try to bypass the company policies and then i will make for them a good report with the manager hhhhhh
-
@IT-ADMIN said:
and if they don't know my proxy setting they will contact me so that i will know who try to bypass the company policies and then i will make for them a good report with the manager hhhhhh
True. Although they will probably just fall back to the company browser at that point.