From: Balwinder S Dheeman on 8 Sep 2009 16:33

On 09/08/2009 09:38 PM, Mark Hobley wrote:
> In comp.infosystems.www.browsers.x Balwinder S Dheeman <bsd.SANSPAM(a)cto.homelinux.net> wrote:
>
>> I think it is better you fix your filtering proxy server; you may add one
>> feature or more on entertaining/forwarding the requests based on
>> 'User-Agent', Remote-Address and, or other headers.
>
> The filter works fine, but I would like to bypass it for applications
> other than Mozilla Firefox. I don't think that the filter offers
> different facilities for different user-agents.

It can be extended, if it is an open source project; and that seems to be the right way to me.

>> IMHO, the system wide default IceWeasel or such settings is not good,
>> because competent users will/can still bypass your setup quite easily
>> via Edit->Preferences->Advanced->Network-Settings->(*)No Proxy option.
>
> The LockPref facility is supposed to prevent this. I think maybe there
> is a bug in Mozilla Firefox, which is preventing this from working.

Firefox/IceWeasel can be fixed or tweaked in either custom.

I hope so, but what if someone installs a personal version of Firefox, Arora, Chromium or other one in his/her home directory which does not read your system wide prefs?

IMHO, after reading http://werc.homelinux.net/links/reference/unix_prog_design.pdf, you will see that today's Unix, Linux, *BSD, FF, KDE, GNOME and other programs of software are heading far away from the original concepts of Unix.

Cheers,
--
Balwinder S "bdheeman" Dheeman        Registered Linux User: #229709
Anu'z Linux(a)HOME (Unix Shoppe)       Machines: #168573, 170593, 259192
Chandigarh, UT, 160062, India         Plan9, T2, Arch/Debian/FreeBSD/XP
Home: http://werc.homelinux.net/      Visit: http://counter.li.org/

From: Mark Hobley on 10 Sep 2009 11:08

In comp.infosystems.www.browsers.x Balwinder S Dheeman <bsd.SANSPAM(a)cto.homelinux.net> wrote:

> I hope so, but what if someone installs a personal version of Firefox,
> Arora, Chromium or other one in his/her home directory which does not
> read your system wide prefs?

The /home directory is mounted noexec to prevent this.

Mark.

--
Mark Hobley
Linux User: #370818  http://markhobley.yi.org/

From: Mark Hobley on 14 Sep 2009 17:08

In comp.infosystems.www.browsers.x Mark Hobley <markhobley(a)hotpop.donottypethisbit.com> wrote:

> Are there some additional configuration parameters that I need to add in
> order to set and lock the proxy server address?

I have managed to solve this. To lock the proxy server, a full set of configuration entries is required. Add the following lines to the /etc/iceweasel/pref/iceweasel.js configuration file:

// Proxy server settings
lockPref("network.proxy.backup.ftp", "proxy.foobar.lan");
lockPref("network.proxy.backup.ftp_port", 9999);
lockPref("network.proxy.backup.gopher", "proxy.foobar.lan");
lockPref("network.proxy.backup.gopher_port", 9999);
lockPref("network.proxy.backup.socks", "proxy.foobar.lan");
lockPref("network.proxy.backup.socks_port", 9999);
lockPref("network.proxy.backup.ssl", "proxy.foobar.lan");
lockPref("network.proxy.backup.ssl_port", 9999);
lockPref("network.proxy.ftp", "proxy.foobar.lan");
lockPref("network.proxy.ftp_port", 9999);
lockPref("network.proxy.gopher", "proxy.foobar.lan");
lockPref("network.proxy.gopher_port", 9999);
lockPref("network.proxy.http", "proxy.foobar.lan");
lockPref("network.proxy.http_port", 9999);
lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, 10.0.0.0/8, 192.168.0.0/16, foobar.lan");
lockPref("network.proxy.share_proxy_settings", true);
lockPref("network.proxy.socks", "proxy.foobar.lan");
lockPref("network.proxy.socks_port", 9999);
lockPref("network.proxy.ssl", "proxy.foobar.lan");
lockPref("network.proxy.ssl_port", 9999);
lockPref("network.proxy.type", 1);

Regards,

Mark.

--
Mark Hobley
Linux User: #370818  http://markhobley.yi.org/

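
An added example, not part of the post above and not Iceweasel's own code: a small Python audit that reads a prefs file of this kind and reports any proxy pref that is missing or not set with lockPref, a proxy type other than 1, and any CIDR entry in network.proxy.no_proxies_on that reaches outside private address space. The sample file, the REQUIRED list and the ALLOWED ranges are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample prefs file (not from a real host): one pref is left
# unlocked and one bypass entry carries too short a mask.
SAMPLE = '''
// Proxy server settings
lockPref("network.proxy.http", "proxy.foobar.lan");
lockPref("network.proxy.http_port", 9999);
lockPref("network.proxy.ssl", "proxy.foobar.lan");
pref("network.proxy.ssl_port", 9999);
lockPref("network.proxy.no_proxies_on", "localhost, 10.0.0.0/8, 192.168.0.0/8, foobar.lan");
lockPref("network.proxy.type", 1);
'''

# Assumptions: the prefs this audit insists on, and the ranges allowed to skip the proxy.
REQUIRED = ["type", "http", "http_port", "ssl", "ssl_port", "no_proxies_on"]
ALLOWED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREF_RE = re.compile(
    r'^\s*(lockPref|pref|defaultPref|user_pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def to_value(raw):
    """Turn a prefs literal (string, boolean or integer) into a Python value."""
    if raw.startswith('"'):
        return raw[1:-1]
    return raw == "true" if raw in ("true", "false") else int(raw)

def parse_prefs(text):
    """Map pref name -> (function used, value); if a name repeats, the last line is kept."""
    return {name: (func, to_value(raw)) for func, name, raw in PREF_RE.findall(text)}

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    prefs, findings = parse_prefs(text), []
    for name in ("network.proxy." + short for short in REQUIRED):
        func = prefs.get(name, (None, None))[0]
        if func != "lockPref":
            findings.append(f"{name}: " + (f"set with {func}(), not locked" if func else "missing"))
    if prefs.get("network.proxy.type", (None, None))[1] != 1:
        findings.append("network.proxy.type: not 1 (manual proxy configuration)")
    bypass = str(prefs.get("network.proxy.no_proxies_on", (None, ""))[1])
    for entry in (e.strip() for e in bypass.split(",") if "/" in e):
        net = ipaddress.ip_network(entry, strict=False)  # strict=False applies the mask
        if not any(net.version == a.version and net.subnet_of(a) for a in ALLOWED):
            findings.append(f"no_proxies_on: {entry} covers {net}, wider than the private ranges")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "proxy prefs are locked")
```

Pass the contents of the real prefs file to audit() in place of SAMPLE and extend REQUIRED to the full list of prefs when every protocol has to be covered.
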
From: Balwinder S Dheeman on 15 Sep 2009 07:45

On 09/15/2009 02:38 AM, Mark Hobley wrote:
> In comp.infosystems.www.browsers.x Mark Hobley <markhobley(a)hotpop.donottypethisbit.com> wrote:
>> Are there some additional configuration parameters that I need to add in
>> order to set and lock the proxy server address?
>
> I have managed to solve this. To lock the proxy server, a full set of
> configuration entries is required. Add the following lines to the
> /etc/iceweasel/pref/iceweasel.js configuration file:
>
> // Proxy server settings
> lockPref("network.proxy.backup.ftp", "proxy.foobar.lan");
> lockPref("network.proxy.backup.ftp_port", 9999);
> lockPref("network.proxy.backup.gopher", "proxy.foobar.lan");
> lockPref("network.proxy.backup.gopher_port", 9999);
> lockPref("network.proxy.backup.socks", "proxy.foobar.lan");
> lockPref("network.proxy.backup.socks_port", 9999);
> lockPref("network.proxy.backup.ssl", "proxy.foobar.lan");
> lockPref("network.proxy.backup.ssl_port", 9999);
> lockPref("network.proxy.ftp", "proxy.foobar.lan");
> lockPref("network.proxy.ftp_port", 9999);
> lockPref("network.proxy.gopher", "proxy.foobar.lan");
> lockPref("network.proxy.gopher_port", 9999);
> lockPref("network.proxy.http", "proxy.foobar.lan");
> lockPref("network.proxy.http_port", 9999);
> lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, 10.0.0.0/8, 192.168.0.0/16, foobar.lan");
> lockPref("network.proxy.share_proxy_settings", true);
> lockPref("network.proxy.socks", "proxy.foobar.lan");
> lockPref("network.proxy.socks_port", 9999);
> lockPref("network.proxy.ssl", "proxy.foobar.lan");
> lockPref("network.proxy.ssl_port", 9999);
> lockPref("network.proxy.type", 1);
>
> Regards,

That's good.

But, what if the users use something other than IceWeasel?

Hope it works for you, but this IMHO is not the right way. I for one shall never ever recommend such a weak setup. The best way to control use of network is to control it from your gateway/router possibly with the help of filtering proxy server. I have not checked, but am sure Squid can do it by add-on scripts (adblocker comes to mind).

OTOH, If Squid seems too big and, or resource hungry to you, the Polipo is an open source, tiny caching web (only http, but supports HTTP/1.1) proxy designed to be used as a personal cache or a cache shared among a few users. I think, it would be good to add hooks for running scripts or adding plug-ins to it for filtering.

--
Balwinder S "bdheeman" Dheeman        Registered Linux User: #229709
Anu'z Linux(a)HOME (Unix Shoppe)       Machines: #168573, 170593, 259192
Chandigarh, UT, 160062, India         Plan9, T2, Arch/Debian/FreeBSD/XP
Home: http://werc.homelinux.net/      Visit: http://counter.li.org/

From: Joe Beanfish on 15 Sep 2009 12:52

Balwinder S Dheeman wrote:
> On 09/15/2009 02:38 AM, Mark Hobley wrote:
>> In comp.infosystems.www.browsers.x Mark Hobley <markhobley(a)hotpop.donottypethisbit.com> wrote:
>>> Are there some additional configuration parameters that I need to add in
>>> order to set and lock the proxy server address?
>> I have managed to solve this. To lock the proxy server, a full set of
>> configuration entries is required. Add the following lines to the
>> /etc/iceweasel/pref/iceweasel.js configuration file:
>>
>> // Proxy server settings
>> lockPref("network.proxy.backup.ftp", "proxy.foobar.lan");
>> lockPref("network.proxy.backup.ftp_port", 9999);
>> lockPref("network.proxy.backup.gopher", "proxy.foobar.lan");
>> lockPref("network.proxy.backup.gopher_port", 9999);
>> lockPref("network.proxy.backup.socks", "proxy.foobar.lan");
>> lockPref("network.proxy.backup.socks_port", 9999);
>> lockPref("network.proxy.backup.ssl", "proxy.foobar.lan");
>> lockPref("network.proxy.backup.ssl_port", 9999);
>> lockPref("network.proxy.ftp", "proxy.foobar.lan");
>> lockPref("network.proxy.ftp_port", 9999);
>> lockPref("network.proxy.gopher", "proxy.foobar.lan");
>> lockPref("network.proxy.gopher_port", 9999);
>> lockPref("network.proxy.http", "proxy.foobar.lan");
>> lockPref("network.proxy.http_port", 9999);
>> lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, 10.0.0.0/8, 192.168.0.0/16, foobar.lan");
>> lockPref("network.proxy.share_proxy_settings", true);
>> lockPref("network.proxy.socks", "proxy.foobar.lan");
>> lockPref("network.proxy.socks_port", 9999);
>> lockPref("network.proxy.ssl", "proxy.foobar.lan");
>> lockPref("network.proxy.ssl_port", 9999);
>> lockPref("network.proxy.type", 1);
>>
>> Regards,
>
> That's good.
>
> But, what if the users use something other than IceWeasel?
>
> Hope it works for you, but this IMHO is not the right way. I for one
> shall never ever recommend such a weak setup. The best way to control
> use of network is to control it from your gateway/router possibly with the
> help of filtering proxy server. I have not checked, but am sure Squid can
> do it by add-on scripts (adblocker comes to mind).
>
> OTOH, If Squid seems too big and, or resource hungry to you, the Polipo
> is an open source, tiny caching web (only http, but supports HTTP/1.1)
> proxy designed to be used as a personal cache or a cache shared among a
> few users. I think, it would be good to add hooks for running scripts or
> adding plug-ins to it for filtering.
>

From previous posts it sounds like he's setting up a kiosk or similar system where the users won't be able to get a shell or install software so they probably won't have much choice about what to run.