Forcing customers to use web proxy cache

Monday, August 18, 2008, 2:02

To block direct web access for your network(s) and force people to use proxies, you should add the following access list to your router LAN port (inbound). Here is a sample Cisco router configuration:

router#configure terminal
router(config)#access-list 100 permit tcp any host 192.189.54.60 eq www
router(config)#access-list 100 deny tcp any any eq www
router(config)#access-list 100 permit ip any any
router(config)#interface Ethernet0
router(config-if)#ip access-group 100 in
router(config-if)#end
router#copy running-config startup-config

The option in the second line allows your users to use proxy.connect.com.au proxy autoconfig scripts. (NB: Using these scripts will bypass your proxy to use AAPT’s.)

This assumes that access-list 100 was unused. If you have your own proxy and want to bypass the Connect caches (permanently or occasionally), you need an additional rule which allows your cache to access port 80.

For example:

router(config)#access-list 100 permit tcp host xx.xx.xx.xx any eq www

before the deny rule. Otherwise, you should configure your browsers to use proxy.connect.com.au, port 8080. Also, proxy.connect.com.au may be accessed for proxy auto-config.

If you are already using an inbound access-list on the LAN interface, then this has to be merged with your current list. Alternatively, the filter can be applied to the WAN interface (outbound).
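
An added example, not part of the original post: a small Python model of first-match ACL evaluation, run over the article's access-list 100, showing why the local-cache permit has to sit before the deny rule. A line entered with "access-list 100 ..." on an existing numbered list is appended to the end, which is the second case modelled here. The addresses 192.0.2.10 (standing in for xx.xx.xx.xx) and 198.51.100.7 are constructed, and the function names are hypothetical.

```python
import ipaddress

# ACL 100 from the article; 192.0.2.10 is a constructed stand-in for xx.xx.xx.xx.
LOCAL_CACHE = "192.0.2.10"
BASE_ACL = [
    "permit tcp any host 192.189.54.60 eq www",
    "deny tcp any any eq www",
    "permit ip any any",
]
CACHE_RULE = f"permit tcp host {LOCAL_CACHE} any eq www"

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None means 'any'."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word != "host":
        raise ValueError(f"unsupported address form: {word}")
    return ipaddress.ip_address(tokens.pop(0))

def parse(line):
    """Parse the subset of extended-ACL syntax the article uses."""
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = None
    if t[:1] == ["eq"]:
        port = 80 if t[1] == "www" else int(t[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """Return (action, matching entry); the first match wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, s, d, port = parse(line)
        if (p in ("ip", proto) and s in (None, src)
                and d in (None, dst) and port in (None, dport)):
            return action, line
    return "deny", "(implicit deny)"

def with_cache_rule(before_deny):
    """Insert the local-cache rule before the deny, or append it."""
    acl = list(BASE_ACL)
    acl.insert(1 if before_deny else len(acl), CACHE_RULE)
    return acl

if __name__ == "__main__":
    site = "198.51.100.7"  # constructed web server address
    for before in (True, False):
        print(before, evaluate(with_cache_rule(before), "tcp", LOCAL_CACHE, site, 80))
```

The same evaluation shows that only TCP port 80 is filtered: connections to other ports, such as 443 or 8080, fall through to "permit ip any any".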
