#2, 16th April 2009
DutchDaemon (Real Name: Ben)
Spam Refugee
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336

The only real way I can see is running Squid as a transparent proxy on localhost and using PF on the internal interface to redirect http traffic ports (see Safe Ports in squid.conf, but not 443!) to Squid.

Then you'll have to lock down the internal interface, only opening the necessary/allowed ports outbound (or people will just point their browsers to http://some_proxy:9156 and defeat your redirection).

This is not airtight. You will have to allow port 443 through (SSL and transparent proxies don't mix), and probably ports like 22 as well.

So external proxies that can be reached by SSL/SSH (either directly (proxies running on port 443 or 22 exist) or using tunnels) can still be contacted and used.

It will be a lot harder for most average users, though.
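A pf.conf sketch of the two pieces the post describes (the rdr of plain HTTP to a local Squid, and a locked-down internal interface that only lets the allowed ports out), added here as an example; it is not part of DutchDaemon's post. Interface names, the LAN range and Squid's listening port are assumptions, as is Squid being set up for interception (`http_port 127.0.0.1:3128 transparent` on Squid 2.x, `intercept` on 3.1 and later). It uses the pre-OpenBSD-4.5 PF syntax FreeBSD ships, where translation rules must precede filter rules.

```pf
# Added example, not from the original post. Assumed: internal interface em1,
# LAN 192.168.1.0/24, Squid listening on 127.0.0.1:3128 in interception mode.
int_if     = "em1"
lan        = "192.168.1.0/24"
squid      = "127.0.0.1"
squid_port = "3128"

# Plain-HTTP ports forced through Squid. Mirror Squid's Safe_ports ACL,
# but never 443: intercepting TLS only breaks the handshake.
http_ports = "{ 80, 8080 }"

# Ports users may reach directly. These are the holes the post warns
# about (SSL/SSH-reachable proxies and tunnels); keep the list short.
allowed_out = "{ 22, 443 }"

# --- translation (must come before filter rules in this syntax) ---
rdr on $int_if inet proto tcp from $lan to any port $http_ports \
    -> $squid port $squid_port

# --- filtering ---
# Weak version, shown only to illustrate the bypass from the post:
#   pass in on $int_if from $lan to any
# would let a browser pointed at http://some_proxy:9156 go straight out.

# Default deny everything arriving from the LAN, logged so bypass
# attempts show up in pflog.
block in log on $int_if all

# PF filters after rdr, so redirected HTTP now has $squid as destination.
pass in quick on $int_if inet proto tcp from $lan to $squid port $squid_port keep state

# The explicitly allowed outbound ports.
pass in quick on $int_if inet proto tcp from $lan to any port $allowed_out keep state

# DNS to the box's own resolver (assumed to run on the gateway).
pass in quick on $int_if inet proto udp from $lan to $int_if port 53 keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; `tcpdump -n -e -ttt -i pflog0` then shows which LAN hosts are trying ports outside the allowed set, which is the quickest way to spot users probing for an external proxy.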