Mozilla Firefox: Fixing the proxer server settings for all users
in [Linux Networking]
|
Prev: SO_BINDTODEVICE
Next: Ping domain name vs nslookup IP
From: Mark Hobley on 7 Sep 2009 05:08 I am using the iceweasel browser, which is essentially a version of Mozilla Firefox. I want to globally configure the browser so that the proxy server address is fixed for all users and cannot be overwritten. I have added the following entries to the /etc/iceweasel/pref/iceweasel.js configuration file, but the settings do not seem to be having any effect: lockPref("network.proxy.http", neptune.markhobley.yi.org); lockPref("network.proxy.http_port", 8888); lockPref("network.proxy.no_proxies_on", localhost, 127.0.0.1, 10.0.0.0/8, markhobley.yi.org); lockPref("network.proxy.type", 1); Is there some additional configuration parameters, that I need to add in order to set and lock the proxy server address? Thanks in advance to anyone who can help. Mark. -- Mark Hobley Linux User: #370818 http://markhobley.yi.org/
From: Balwinder S Dheeman on 7 Sep 2009 17:55 On 09/07/2009 02:38 PM, Mark Hobley wrote: > I am using the iceweasel browser, which is essentially a version of > Mozilla Firefox. I want to globally configure the browser so that the proxy > server address is fixed for all users and cannot be overwritten. > > I have added the following entries to the /etc/iceweasel/pref/iceweasel.js > configuration file, but the settings do not seem to be having any effect: > > lockPref("network.proxy.http", neptune.markhobley.yi.org); > lockPref("network.proxy.http_port", 8888); > lockPref("network.proxy.no_proxies_on", localhost, 127.0.0.1, 10.0.0.0/8, markhobley.yi.org); > lockPref("network.proxy.type", 1); > > Is there some additional configuration parameters, that I need to add in > order to set and lock the proxy server address? > > Thanks in advance to anyone who can help. I think, is better you run/setup a transparent proxy with the help of netfileter/iptables and point all your machines to use your proxy/netfilter machine as a gateway, a DHCP Server on same machine can do this. OTOH, I'm unable to guess what proxy server in running at your 8888 port; squid comes into mind, it is versatile and mature, but polipo can also be a good alternative. The later does not have an ftp support though. -- Balwinder S "bdheeman" Dheeman Registered Linux User: #229709 Anu'z Linux(a)HOME (Unix Shoppe) Machines: #168573, 170593, 259192 Chandigarh, UT, 160062, India Plan9, T2, Arch/Debian/FreeBSD/XP Home: http://werc.homelinux.net/ Visit: http://counter.li.org/
From: Mark Hobley on 7 Sep 2009 21:08 In comp.infosystems.www.browsers.x Balwinder S Dheeman <bsd.SANSPAM(a)cto.homelinux.net> wrote: > I think, is better you run/setup a transparent proxy with the help of > netfileter/iptables and point all your machines to use your > proxy/netfilter machine as a gateway, a DHCP Server on same machine can > do this. I can do this, but I would still like to be able to fix the settings in the browser. There are some packages on the machines, which use http but are not browsers which do not need to go through the proxy. > OTOH, I'm unable to guess what proxy server in running at your 8888 > port Currently, it is just a filtering proxy, but I might switch to a dynamic on the fly page editing proxy at a later date. Mark. -- Mark Hobley Linux User: #370818 http://markhobley.yi.org/
From: Balwinder S Dheeman on 8 Sep 2009 09:54 On 09/08/2009 06:38 AM, Mark Hobley wrote: > In comp.infosystems.www.browsers.x Balwinder S Dheeman <bsd.SANSPAM(a)cto.homelinux.net> wrote: >> I think, is better you run/setup a transparent proxy with the help of >> netfileter/iptables and point all your machines to use your >> proxy/netfilter machine as a gateway, a DHCP Server on same machine can >> do this. > > I can do this, but I would still like to be able to fix the settings > in the browser. There are some packages on the machines, which use http > but are not browsers which do not need to go through the proxy. > >> OTOH, I'm unable to guess what proxy server in running at your 8888 >> port > > Currently, it is just a filtering proxy, but I might switch to a dynamic > on the fly page editing proxy at a later date. I'm quite impressed with the functionality of *AdBlock Plus* (http://adblockplus.org/en/), but I still don't like the way they do it via a Firefox/IceWesel/Conquerer extension; The idea is good, but the implementation is not in Unix/Linux way. I think, is better you fix your filtering proxy server; you may add one feature or more on entertaining/forwarding the requests based on 'User-Agent', Remote-Address and, or other headers. IHMO, the system wide default IceWeasel or such settings is not good, because competent users will/can still bye-pass your setup quite easily via Edit->Preferences->Advanced->Network-Settings->(*)No Proxy option. -- Balwinder S "bdheeman" Dheeman Registered Linux User: #229709 Anu'z Linux(a)HOME (Unix Shoppe) Machines: #168573, 170593, 259192 Chandigarh, UT, 160062, India Plan9, T2, Arch/Debian/FreeBSD/XP Home: http://werc.homelinux.net/ Visit: http://counter.li.org/
From: Mark Hobley on 8 Sep 2009 12:08
In comp.infosystems.www.browsers.x Balwinder S Dheeman <bsd.SANSPAM(a)cto.homelinux.net> wrote: > I think, is better you fix your filtering proxy server; you may add one > feature or more on entertaining/forwarding the requests based on > 'User-Agent', Remote-Address and, or other headers. The filter works fine, but I would like to bypass it for applications other than Mozilla Firefox. I don't think that the filter offers different facilities for different user-agents. > IHMO, the system wide default IceWeasel or such settings is not good, > because competent users will/can still bye-pass your setup quite easily > via Edit->Preferences->Advanced->Network-Settings->(*)No Proxy option. The LockPref facility is supposed to prevent this. I think maybe there is a bug in Mozilla Firefox, which is preventing this from working. Cheers, Mark. -- Mark Hobley Linux User: #370818 http://markhobley.yi.org/ |