Re: supressing IE

From: Kurt Seifried (bt_at_seifried.org)
Date: 07/06/04

  • Next message: Ansgar -59cobalt- Wiechers: "Re: supressing IE"
    To: "Zachary Mutrux" <zmutrux@compumentor.org>, "Focus-MS" <focus-ms@securityfocus.com>
    Date: Mon, 5 Jul 2004 16:16:23 -0700
    
    

    You can go BOFH style on them. Using Apache as a web proxy (unfortunately I
    can't figure out a way to do this in Squid) you can limit or restrict users,
    based on what the "User-Agent" string reports. For example in httpd.conf:

    SetEnvIfNoCase User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
    5.1; .NET CLR 1.1.4322)" bad_browser

    You can then use that variable later on, for example in bandwidth limiting
    directives, or access control directives. Or you could redirect them to HTTP
    rewrite pages telling them not to use that browser and provide a link to
    download firefox/etc every once in a while.

    Or you could just set site policy, install it remotely and use GPO as
    mentioned to make them use it. Personally I would be careful taking IE away,
    many business web based applications require ActiveX, meaning they only work
    with IE. Of course you could just filter outgoing access and let user's
    access the sites they must with IE and block everything else.

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Ansgar -59cobalt- Wiechers: "Re: supressing IE"

    Relevant Pages

    • Re: Looking for a Firewall for a Small Business
      ... my corporation uses a web proxy to keep employees ... This requires our web browsers to be ... Would it be possible with Squid to allow certain users to ... But the real issue is getting a quality configuration that permits users ...
      (comp.security.firewalls)
    • Re: Squid URL Filtering Bypass
      ... but I did some tests in a new installation of Squid and the acl ... to GET translation attack, because the CONNECT method will not work ... Squid do a better job than McAfee Web Gateway. ... proxy and the web proxy through Squid. ...
      (Bugtraq)
    • Re: Looking for a Firewall for a Small Business
      ... my corporation uses a web proxy to keep employees ... from accessing certain cites. ... This requires our web browsers to be ... Would it be possible with Squid to allow certain users to ...
      (comp.security.firewalls)
    • Re: Looking for a Firewall for a Small Business
      ... my corporation uses a web proxy to keep employees ... from accessing certain cites. ... This requires our web browsers to be ... Would it be possible with Squid to allow certain users to ...
      (comp.security.firewalls)