cannot access gmail when bypassing proxy server (sometimes not always !!!!????)
-
A proxy is th right tool for that job but if you are not proxying HTTPS connections people won't even realize that they are blocked. They can just switch protocols and bypass the proxy. As all those sites offer HTTPS. If you block HTTPS then you have other issues.
But to use a proxy well, everyone should go through it, not just some people. The proxy should decide who gets what access.
-
yes, but the proxy server can block also https if and only if the browser is aware of the proxy server, and if the browser not using any proxy server the https traffic will pass through the proxy but the proxy will be unable to do anything with it,
-
@IT-ADMIN said:
yes, but the proxy server can block also https if and only if the browser is aware of the proxy server, and if the browser not using any proxy server the https traffic will pass through the proxy but the proxy will be unable to do anything with it,
In the way that you have set it up, yes. That need not be the case. There are many ways to architect the proxy server.
-
I've not done this in a very long time. But HTTPS setup is the correct answer to push everything through the proxy. Otherwise you need to move the proxy out of the packet path so that the bypassing clients can fully bypass it.
http://www.howtoforge.com/filtering-https-traffic-with-squid
-
i think it is time to try sophos UTM, because really this temporarily nature of this problem broke my trust toward pfSense, and what annoy me more i cannot find any explanation for this problem,
because the problem itself is not annoying but when you can't figure out the cause of the problem, that time you hate yourself. hhhh -
and this what lower my self confidence sometimes when i cannot find a cause for an IT problem, or a solution for it, since i don't have strong IT experience this take it toll on me
-
Using Squid proxy is definitely a more advanced UNIX task.
For your light need, have you considered something more simple like using hosts files? Really simple to maintain.
-
but if use only host file, sure there will be some users who will manage to access those blocked website, i think it is not a reliable solution, isn't it???
-
@IT-ADMIN said:
but if use only host file, sure there will be some users who will manage to access those blocked website, i think it is not a reliable solution, isn't it???
Can't the work around by using HTTPS now?
-
It's easier to work around all this than it is to not because you can make an external hairpin to bypass pretty much any proxy. Even billion dollar international firms can't really get around that easily.
-
I used to use Squid, but now use Trend Micro Worry-Free Business Security installed on all my clients. This handles antivirus and web protection, and the GUI makes it very easy to block specific websites or categories of websites. I haven't implemented any Active Directory integration, which is limiting, but I'm not sure how easy that is with Squid either?
I'm also trialling GFI Webmonitor, which offers a similar service but is cloud based, and therefore easier to manage our home workers.
But I used to like the Squid logs for investigating what users were up to at any given point in time. Neither Trend or GFI provides that functionality. So I may go back to Squid.
-
what about this temporarily nature of this problem, anyone can guess with me how this occur only sometimes ????!!!!!
-
can this have any explanation ?????
-
I think we need a network map to understand exactly how things are flowing through the existing proxy.
-
ok, i will make a simple network map to make thing more clear
thank you very much
-
Thanks.
-
ok, my network map is the following, if someone can guess with me why this problem happen only sometimes,
thank you so much fir any clarification ...
-
Thanks, that helps a lot.
-
hopefully someone give me an explanation why this problem occur
-
We're wracking our brains on this but it is very odd, which, of course, is why you are having the issue
My only guess is that it has to do with the transparent proxy situation. The proxy is in line for all traffic, so it might be somehow interfering in an unpredictable way, but I cannot determine how.