How to Prevent Non Proxy Use of Web Browsers
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Wed, 26 Mar 2008 21:53:10 -0700
I'm configuring several network segments behind our ISA to use web proxy.
So far I like that and really like being able to use DNS names instead of
IPs in my firewall rules through use of DNS objects. What is required to
*force* all web browsing to go through web proxy and forbid direct browsing
without web proxy?
Right now our firewall rules for browsing are access rules that specify the
specific clients that are authorized out as the "From" and the specific DNS
names or IPs that are allowed in the "To" part of rule. Such a rule
appears to support both web proxy and direct HTTP access from the client.
Probably there is a different way to write this if you want to force use of
web proxy?
Some things about this web proxy do confuse me:
1) We have web proxy enabled on the ISA on port 8080. So how is it that
firewall rules that authorize HTTP (port 80) access and HTTPS (port 443)
access are working through a web proxy on port 8080. Is there some kind of
implicit cooperation of the firewall rules for http/https/ftp when web proxy
is enabled?
2) I am quite confused by the option in web proxy configuration to allow
HTTPS as a separate proxy, with a certificate supplied. If we do NOT
configure that option, is HTTPS access simply bypassing web proxy and
reverting to direct HTTPS access?
--
Will
.
- Follow-Ups:
- Re: How to Prevent Non Proxy Use of Web Browsers
- From: Phillip Windell
- Re: How to Prevent Non Proxy Use of Web Browsers
- Prev by Date: Re: LDAP & Access Rule
- Next by Date: Re: blocking operation of "logmein" software
- Previous by thread: Re: LDAP & Access Rule
- Next by thread: Re: How to Prevent Non Proxy Use of Web Browsers
- Index(es):
Relevant Pages
|
