Re: supressing IE
From: Kurt Seifried (bt_at_seifried.org)
Date: 07/06/04
- Previous message: zrowe_at_zercomputers.com: "RE: supressing IE"
- In reply to: Zachary Mutrux: "supressing IE"
- Next in thread: Paul Smith: "Re: supressing IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Zachary Mutrux" <zmutrux@compumentor.org>, "Focus-MS" <focus-ms@securityfocus.com> Date: Mon, 5 Jul 2004 16:16:23 -0700
You can go BOFH style on them. Using Apache as a web proxy (unfortunately I
can't figure out a way to do this in Squid) you can limit or restrict users,
based on what the "User-Agent" string reports. For example in httpd.conf:
SetEnvIfNoCase User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; .NET CLR 1.1.4322)" bad_browser
You can then use that variable later on, for example in bandwidth limiting
directives, or access control directives. Or you could redirect them to HTTP
rewrite pages telling them not to use that browser and provide a link to
download firefox/etc every once in a while.
Or you could just set site policy, install it remotely and use GPO as
mentioned to make them use it. Personally I would be careful taking IE away,
many business web based applications require ActiveX, meaning they only work
with IE. Of course you could just filter outgoing access and let user's
access the sites they must with IE and block everything else.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: zrowe_at_zercomputers.com: "RE: supressing IE"
- In reply to: Zachary Mutrux: "supressing IE"
- Next in thread: Paul Smith: "Re: supressing IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
