We're using squid 2.2.stable5 as a proxy on a SuSE 7.0 box and I would like ALL users to go through the proxy... I know we have some users that play with the internet and disable their proxy parameters... How can I ban "direct internet access" so only proxy connections pass through (whatever is configured on the users' Windows stations)?
The other answers are good if they have to route outgoing packets through your firewall/router. But two general points:

1) Why are they circumventing the cache? Some sites use things like NTLM authentication and don't work with squid (unless they've added it in the last 6 months), or break RFCs with things like spaces in filenames. Squid will (against RFCs) do translations; perhaps that will make the cache more popular. It might not just be tinkering for the sake of it; you may have to build quite large lists of uncacheable sites which should be served direct.

2) A sneaky user can still break through your security, by using other ports and an outside proxy. So if it's important, use a private network, and explicitly enable the services they need, rather than trying to plug holes in a dyke.

Regards
Rob
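The difference between the two firewall approaches in point 2, as an added example that is not part of the original reply: a small first-match rule evaluator run over constructed outbound flows. The addresses, ports and rule sets are assumptions made up for the illustration, not the poster's configuration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not from the thread).
LAN = ip_network("192.168.1.0/24")
PROXY = ip_network("192.168.1.2/32")   # the squid box

# Rule = (action, source network, destination port or None for any port).
# First match wins; "default" applies when nothing matches.
PLUG_HOLES = {"default": "ACCEPT", "rules": [
    ("ACCEPT", PROXY, None),
    ("DROP", LAN, 80),
    ("DROP", LAN, 443),
]}
DEFAULT_DENY = {"default": "DROP", "rules": [
    ("ACCEPT", PROXY, 80),
    ("ACCEPT", PROXY, 443),
    ("ACCEPT", LAN, 25),               # a service explicitly enabled for users
]}

# Constructed outbound flows as seen at the firewall: (label, source, dest port).
FLOWS = [
    ("proxy fetches a page", "192.168.1.2", 80),
    ("client browses direct", "192.168.1.50", 80),
    ("client uses outside proxy", "192.168.1.50", 8080),
    ("client sends mail", "192.168.1.50", 25),
]

def decide(policy, src, dport):
    """Return ACCEPT or DROP for one outbound flow."""
    for action, net, port in policy["rules"]:
        if ip_address(src) in net and port in (None, dport):
            return action
    return policy["default"]

def evaluate(policy):
    """Map each sample flow's label to the policy's decision."""
    return {label: decide(policy, src, dport) for label, src, dport in FLOWS}

if __name__ == "__main__":
    for name, policy in (("plug holes", PLUG_HOLES), ("default deny", DEFAULT_DENY)):
        print(name)
        for label, action in evaluate(policy).items():
            print(f"  {action:6} {label}")
```

Both policies stop direct browsing on port 80, but only the default-deny rule set also drops the flow to an outside proxy on another port.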