> In other words, you don't need to differentiate access
> per site/computer/user.
That's correct.
> Do these connections involve static IPs? src based
> ACLs would work nicely in that case.
If they had static IPs, I would have figured this out before I posted
to the list. ;-)
> The approach you have outlined should work just fine.
OK, that's what I needed to know. I believe I now understand why
interception *shouldn't* be done, but sometimes one must sacrifice a
little to get the job done.
Truthfully, the biggest problem with our current setup is that you
can't _truly_ lock user prefs in Firefox on OSX. We did some research
on locking them and did have success, but the OSX binary for Firefox
is a fully self-contained package. This means that even if we did
lock some settings, such as proxy settings, a user could simply
download a new Firefox image and run it from their desktop, thus
bypassing all previous locks. That's how we were led to the
intercepting proxy idea
> Given there isn't going to be much (if any) difference
> between workstations it shouldn't be difficult to care for.
> Another approach would be static IPs and src based
> ACLs (as mentioned above).
We toyed around with some other ideas involving DNS or some type of
automatic registration by each host, but that got ugly, quick.
Problem w/ the IP approach is that some of the ISPs don't provide
static IPs unless you pay an extra $30/month. When you're a young
company, every dime counts.
Thanks for your help.
Received on Tue Feb 21 2006 - 18:16:48 MST
This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST