[sdnog] Force client to use HTTP proxy
Nishal Goburdhan
nishal at controlfreak.co.za
Mon Jan 7 10:37:22 SAST 2019
On 7 Jan 2019, at 3:29, Kabantsh Alameen wrote:
> Good morning everyone
> i did install and configured http proxy on the infrastructure (squid)
> and i want to force the employees to use this proxy server instead of
> direct connection for the sake of management i've found two methods
> :-
>
> 1- With the DHCP server in option number 252 on cisco L3 swich
> but it didin't work. and also our DHCP server in the Router of the ISP
> (Which i don't have and access to).
> 2- With blocking TCP ports 80 and 443 on the incoming way
>
> is there any way to do that ??? or if someone can help me to get
> further in
> one of the previous steps ????
you could also try WCCP [1] as well; that will transparently route
traffic you define (eg. tcp80) to a cache.
you’ll probably want to have two interfaces on your caches for easier
management; and i’d put them in a separate vlan so you can add more
if you need to (ie scale horizontally) later.
proxying http isn’t going to be as useful as it was, say, 5 years ago,
as more and more of the web starts to move to using https now.
—n.
[1] https://en.wikipedia.org/wiki/Web_Cache_Communication_Protocol
More information about the sdnog
mailing list